Ars Technica reports:
In July of 2017, the nonprofit certificate authority Let's Encrypt promised to deliver something that would put secure websites and Web applications within reach of any Internet user: free "wildcard" certificates to enable secure HTTP connections for entire domains. Today, Let's Encrypt took that promised service live, in addition to a new version of the Automated Certificate Management Environment (ACME) protocol, an interface that can be used by a variety of client software packages to automate verification of certificate requests.
[....]Many hosting providers already support the registration of Let's Encrypt certificates to varying degrees. But Let's Encrypt's free certificate offering hasn't been snapped up by some larger hosting providers—such as GoDaddy—who also sell SSL certificates to their customers.
(Score: 2) by Booga1 on Wednesday March 14 2018, @10:19PM (3 children)
I responded with an example of network infrastructure where we use certificates. And of COURSE you don't have to request from the machines that eventually use the certs because the machines that use them may have no way of doing it, much less in an automated fashion. That was the main complaint after all. Not that it changes much for any other issuing certificate authority (even the one run by the company I work at). As for Cisco IOS, I've no direct experience with it (the stuff here is by F5). With a quick search it seems IOS does indeed support some use of certificates: Public Key Infrastructure Configuration Guide, Cisco IOS XE Release 3S [cisco.com]
A router that also performs load balancing seems to be a standard feature for them. Not sure if it's similar to the F5 stuff we use, but here's this:
(Score: 2) by insanumingenium on Wednesday March 14 2018, @11:17PM (2 children)
As for your Cisco link, the rest of that paragraph shows that it isn't talking about load balancing in the same sense as you are thinking.
(Score: 3, Interesting) by Booga1 on Wednesday March 14 2018, @11:51PM (1 child)
I think I might see part of the disconnect. I'm not referring to managing the equipment by securing access to them via those certificates. I mean managing the certificates those devices have on them as they are used to masquerade/identify the machines behind them as the hosts specified in the certificates. Of course I can't imagine letting the public access the management of the devices. I'm not sure in what scenario someone would want a publicly configurable privately owned network.
Also, the inter-network load balancing scenarios are indeed not what I was thinking of. Using certificates from LE would indeed be silly to use for strictly internal management of network equipment. I was thinking of server traffic load balancing, but I'm not sure if they offer a combo unit that does both routing and load balancing in that particular sense.
Anyway, I guess lack of specificity in the original complaint and how I interpreted the response is what got me started on this thread. Now that I see what you're referring to I'm pretty sure I'm in agreement with you.
(Score: 2) by insanumingenium on Thursday March 15 2018, @04:11PM
No worries mate, I probably could be clearer as well.