Hi! Tell me, what is required to use your service authority to obtain Let’s Encrypt SSL certificates on level 3 domains, or how can you get more than 50 certificates per week?
Start with some basics:
Then select a client.
Or, if you have your own service: create your own client.
I never found the answer to my first question. Is it possible to get a certified intermediate certificate for your level 2 domain, and be able to certify your own level 3 domains? Thanks for your help!
This is possible, but Let's Encrypt doesn't offer the service. The term is "Technically Constrained Subordinate Certificate (TCSC)", and you may be able to purchase one from a commercial CA.
Is it possible to get a certified intermediate certificate for your level 2 domain, and be able to certify your own level 3 domains?
Maybe you can use a wildcard certificate for your level 2 domain, aka the one valid for any level 3 subdomain of your level 2 domain. Let’s Encrypt does offer those (if you can pass the DNS challenge). In this case, the only difference is that you are using the same certificate for all subdomains rather than creating individual certificates for each subdomain.
This question is about https://letsencrypt.org/docs/integration-guide/
“The upshot of this is that, if you are a hosting provider, you do not need to send us your customers’ email addresses or get them to agree to our Subscriber Agreement. You can simply issue certificates for the domains you control and start using them.”
Looks like we can get an intermediate certificate, but we don’t understand the period of this cert (is it just 90 days?)
No, that guide is not talking about an intermediate certificate authority, it’s talking about you as the hosting provider being the intermediary for provisioning certificates on behalf of your customers. You are not signing your own certificates, you are just using the standard ACME process to get leaf certificates from Let’s Encrypt which is possible because they’ve delegated control of their domain to you as the hosting provider.
As @jsha said previously in this thread, Let’s Encrypt does not provide the ability to get an intermediate (TCSC) certificate.
To add and hopefully clarify:
You can’t “reuse” an LE cert to generate “child” certs from it.
Intermediate certs can’t be used for anything other than what intermediate certs were made for.
Perhaps you don’t have a clear picture of “how” certs “work” and stay secure.
In any case, the closest thing to anything remotely similar would be to obtain multiple wildcard certs (from specific subdomains) and delegate them to individual users (while keeping them separated - in their own subdomains).
But that isn’t really secure - from their perspective, you would also have their private key.