User Client Certificates

I am wondering if Let’s Encrypt is supporting to create user client certificates for validation against a letsencrypt server certificate. In the past times I already used Certbot successfully for creation of server certificates. But I did not fin any hint in the documentation. I probably overseen it.

Hi @ol2tmx,

Nope, Let’s Encrypt does not issue this kind of certificate at all.

1 Like

I should add that Let’s Encrypt certificates can be used for client authentication, but the subject of the certificate must be a DNS domain name and can’t be any other kind of entity. So they could be used to perform authentication of one computer to another computer, if the authenticating computer is identified by a DNS domain name.

For authenticating people, you can potentially issue your own client certificates directly if you have a prior basis for ground truth. Client certificates don’t have to be publicly trusted, so you can create your own authority to issue these certificates and then confirm that a client certificate you receive was issued by your authority. For example, you can use a client certificate that you issue as an alternative to, or a supplement to, a user’s password.

What Let’s Encrypt can’t do, that other certificate authorities might be in a position to do, is issue a certificate confirming a person’s legal identity or a person’s control over a specific e-mail address.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.