On 8/29/23 12:58 PM, Charles Mills wrote:
> https://letsencrypt.org/ provides free automated "real CA" certificates. IIRC they only support requests made using the "ACME" automation protocol. Will the HMC support that?

Let's Encrypt supports multiple authentication methods, one of which is DNS-based and can be used to authenticate an FQDN that can be resolved via the public DNS tree.

This means that you can use an ACME client which supports DNS authentication -- there are multiple -- to request a certificate for an FQDN that is not accessible from the Internet. Ergo it is possible to get a certificate that is signed by Let's Encrypt, a well-known CA, which you can then install in your HMC.

However, this will become labor-intensive as you will need to do this roughly every 90 days.

You could also play other games wherein you have an Internet accessible web server running a fully automated ACME client. Have it act as a proxy of sorts to provide a certificate and key for use on the HMC. -- Is this advisable, nope, not at all. Would it work, I think so. I'd bet a fast food meal that it would work.

Aside: What is a "real CA" other than one that has their root certificate(s) installed in clients? }:-)



--
Grant. . . .
