alt Hacker NewsAs a sysadmin in the 2007-2011 timeframe I literally used openssl to generate csrs, went to godaddy to purchase SSL certificates and then manually deployed them to servers. Man what a world of change. Let's encrypt is one the best services we've had on the internet. I wish we had more things like this.
Replies
As a sysadmin in 2020 - 2024 time frame I used to do that all the time at my previous job, got a strong openlssl cli game going whenever needed to generate a new csr for existing key or new key and shovel an exact amount of SANs into the CSR too. Lot of time wasted. There were also a certain set of customers for which we managed systems and they insisted for it to be done this way as something free on the internet is not to be trusted. Oh well, strange times.
Would be cool to have it for S/MIME too.
Ah man, I remember those days. So tedious!
i was doing this until a couple years back when a friend told me about LetsEncrypt! It's like magic!!
It's been a long time so this is my fading memory, but CAs used to generate a private key on their end and let you download both private key and the certificate containing the public key. The non-technical person who paid big money for the certificate then emails the zip file to the developer. That's when StartTLS wasn't that big back then either.
Just comically bad way to obtain certs.