← Back to context

Comment by kyrra

1 day ago

Many of the cloud providers give free certs via acme.

https://cloud.google.com/certificate-manager/docs/public-ca-... (EDIT: Google is their own CA, with https://pki.goog/ )

The browsers and security people have been pushing towards shorter certs, not longer ones. Knowing how to rotate a cert every year, if not shorter, helps when your certificate or any of your parent certs are compromised and require an emergency rotation.

2 comments

kyrra

Reply
CGamesPlay  1 day ago

Does AWS provide something similar? I found ACM "exportable certificates", but that involves AWS managing your private key.

  • schoen  1 day ago

    Last I knew, AWS would issue a free certificate to people using certain AWS services, but, as you say, only if Amazon is managing the private key. You can also use ACM APIs to import keys and certificates from other CAs.