Making headway on changing the SSL CAs


#1

StartSSL has jumped on the automation bandwagon.

https://www.startssl.com/StartEncrypt


#2

Yes, but the approach so far seems a bit odd. There is no documentation (at least I didn’t find any) and it does try to push a 3Mb ELF file into init.d as a service. They are likely using api.startssl.com, so alternative clients are probably possible. Also, they have https://olog.startpki.com/ReceiveFeedbackServer referenced in the code.

I think so far they lack documentation that would allow one to understand how exactly it works. So, for example, in an environment with multiple domains set up on different hosts I’d still go for LE even though the validity period of the certificate is shorter - just because with LE I would know how to set up everything effectively and I wouldn’t have to run unknown daemons on multiple machines.

If they publish some docs though, that might be interesting indeed.