Request for Conducting PoC

Hi,

I work for a financial institute and we are interested in conducting a PoC for incorporating Let's Encrypt certificates in our test environment. I would like to know if there are any policies/legal aspects that need to be addressed before we initiate our PoC?

Any recommendations/inputs will be highly appreciated.

Regards,
Richa Garg

Hi,

If you are developing code for this, I would recommend that you start the test with the staging server.
For production you may need to check with @jsha that your domain is not on the high-risk list.
If so, there would be a problem.

To use the staging environment, no legal agreements are needed. When you issue certificates in production, you’ll need to agree to the Subscriber Agreement, which can be found at https://letsencrypt.org/repository/. The agreement is handled programmatically as part of the protocol - you don’t have to send any forms.

I mentioned that he should check it with you because he said that he is working for a “financial institute”, so the “blacklist alert bells” go on.

That’s a good point. Yes, you should double-check whether the domain name is on the blacklist. You can do this by attempting to create an authorization for any subdomain against the production API. If it succeeds, you are in the clear.

Thanks jsha and tlussnig for your inputs. :slight_smile:

The error message for domains on the blacklist has been updated to read “Policy prevents issuing for name ____”, so it should be easier to recognize :slight_smile:

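A PoC script can automate the check discussed in this thread by inspecting the error document the API returns when an authorization or order is refused. This is an added example, not code from the thread or from Let's Encrypt: the error type URN is taken from RFC 8555, the detail string is the one quoted above, and the host names and sample responses are constructed.

```python
import json

# Error type defined in RFC 8555 section 6.7 (not quoted in the thread).
REJECTED = "urn:ietf:params:acme:error:rejectedIdentifier"
# Detail text as quoted in the thread; the wording may differ between server versions.
POLICY_TEXT = "Policy prevents issuing for name"


def _is_policy(problem):
    """True if one problem object describes a policy refusal."""
    return problem.get("type") == REJECTED or POLICY_TEXT in problem.get("detail", "")


def policy_blocked_names(body, requested):
    """Return the requested names the CA refused on policy grounds.

    body      -- JSON text of the problem document from the error response
    requested -- names sent in the request, used when the server gives
                 no per-name subproblems
    """
    problem = json.loads(body)
    blocked = []
    for sub in problem.get("subproblems", []):
        name = sub.get("identifier", {}).get("value")
        if name and _is_policy(sub) and name not in blocked:
            blocked.append(name)
    if blocked:
        return blocked
    # No per-name detail: a top-level policy error covers the whole request.
    return list(requested) if _is_policy(problem) else []


# Constructed sample responses (not captured from a real server).
SAMPLE_POLICY = json.dumps({
    "type": "urn:ietf:params:acme:error:malformed",
    "detail": "Policy prevents issuing for name poc.bank.example",
})
SAMPLE_MIXED = json.dumps({
    "type": "urn:ietf:params:acme:error:malformed",
    "detail": "Some of the identifiers requested were rejected",
    "subproblems": [
        {"type": REJECTED, "detail": "refused by policy",
         "identifier": {"type": "dns", "value": "poc.bank.example"}},
        {"type": "urn:ietf:params:acme:error:malformed", "detail": "invalid name",
         "identifier": {"type": "dns", "value": "_bad.test.example"}},
    ],
})
SAMPLE_RATE = json.dumps({
    "type": "urn:ietf:params:acme:error:rateLimited", "detail": "too many requests"})
```

An empty result only means the refusal was not a policy one; a rate limit or malformed request still has to be handled separately before concluding the name is clear.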