Tools for SSL/Key Management?

Letsencrypt has developed its tools for issuance, renewal and revocation now to reduce the time and financial barrier to obtaining the SSL certificates. Are there any plans for developing self-hosted tools that folks can use to better manage their sets of SSL certificates, private keys, CSR files etc. when they have many web sites?

I can imagine in a few years where individuals have multiple web sites with many SSL certs, that being able to easily manage and keep track of these would be important too. Like safeguarding their CSR and private keys.

GlobalSign has a Certificate Inventory Tool which allows you to manage SSL certificates expiry dates/reminders for any SSL certificates you own https://www.globalsign.com/en/blog/new-certificate-inventory-tool/.

Maybe Letsencrypt could have something similar and take it further for backup and management? This could tie into facilitating a proper backup process for safeguarding the secondary pin hashes from SPKI for backup private keys for HTTP Public Key Pinning - thus making implementing HPKP easier.

One thing we’re working on is the Let’s Encrypt Certificate Manager, which helps people view what certs they have and renew or revoke existing certs (probably among other future features).

If someone has fancier ideas that can integrate with ACME, that would be great!

Nice - extending Let’s Encrypt Certificate Manager to backups might be good for HPKP so you could back up the backup keys for HPKP and also allow folks to view which SSL certs and sites have what specific key pins associated with their sites :slight_smile:

Maybe even add an external check function in the Let’s Encrypt Certificate Manager that could curl the site’s headers and check if the live site’s pins match what was backed up and generated in the Let’s Encrypt Certificate Manager backup copy? Maybe it could eventually be used as part of a verification process for auto-rotating HPKP policy every 90 days?
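The pin check suggested in the post above, sketched as an added example (it is not part of the original thread and not code from the Let's Encrypt client). The function names, the inventory layout and the sample values are assumptions made for illustration, and the header value is passed in as a string rather than fetched from a site.

```python
import base64
import hashlib


def spki_pin(spki_der: bytes) -> str:
    """RFC 7469 pin: base64 of the SHA-256 digest of the DER SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def parse_pkp(header: str):
    """Return (set of pin-sha256 values, max-age or None) from a Public-Key-Pins value."""
    pins, max_age = set(), None
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "pin-sha256":
            pins.add(value)
        elif name == "max-age" and value.isdigit():
            max_age = int(value)
    return pins, max_age


def compare(header: str, inventory: dict) -> dict:
    """inventory maps a key label to the pin recorded when that key was backed up."""
    live, max_age = parse_pkp(header)
    known = set(inventory.values())
    return {
        # Pins the site serves for which no key exists in the backup.
        "unknown_live_pins": sorted(live - known),
        # Backed-up keys the site does not pin; switching to one would break pinned clients.
        "unpinned_keys": sorted(k for k, p in inventory.items() if p not in live),
        # Simplified backup-pin check: at least two backed-up keys are pinned.
        "spare_key_pinned": len(live & known) >= 2,
        "max_age": max_age,
    }


# Constructed stand-ins for DER SubjectPublicKeyInfo bytes (not real keys).
INVENTORY = {label: spki_pin(b"constructed SPKI " + label.encode())
             for label in ("live", "backup-1", "backup-2")}
STALE_PIN = spki_pin(b"constructed SPKI of a key that was never backed up")
# Constructed header value, as it would appear in the site's response headers.
SAMPLE_HEADER = ('pin-sha256="%s"; pin-sha256="%s"; pin-sha256="%s"; '
                 'max-age=5184000; includeSubDomains'
                 % (INVENTORY["live"], INVENTORY["backup-1"], STALE_PIN))

if __name__ == "__main__":
    for field, value in compare(SAMPLE_HEADER, INVENTORY).items():
        print(field, value)
```

A pin reported under `unknown_live_pins` is the case to act on before any key rotation, since clients will hold it for `max_age` seconds and no backed-up key matches it.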

I’m happy to see people contribute patches or just feature requests (the latter can be sent to the GitHub issue tracker for the Let’s Encrypt client right now). Probably the developers working with ISRG won’t do all of this for the initial launch, because there’s still a lot of other functionality to get in place!

Added request to the issue tracker at https://github.com/letsencrypt/letsencrypt/issues/729 :slight_smile:

Thanks for the feature request.