martin f krafft wrote:
thus spoke Viktor Dukhovni <postfix-us...@dukhovni.org> [2017-09-18 00:31 +0200]:
So your central system generates the keys, and obtains the LE
certificates on behalf of the far-flung hosts?  And then pushes
these keys to the hosts over an SSH tunnel?

Is that only for the initial key issuance?  And then each host
rotates the certs independently of the central system using the
existing key to authenticate to LE?

No, they're all managed centrally and pushed regularly.

Then you have all the cert fingerprints available in a central location and can easily push them on your smart host. Maybe I misread something though.

Ciao, Michael.
