Comment by asim

15 hours ago

As a sysadmin in the 2007-2011 timeframe I literally used openssl to generate csrs, went to godaddy to purchase SSL certificates and then manually deployed them to servers. Man what a world of change. Let's encrypt is one the best services we've had on the internet. I wish we had more things like this.

6 comments

asim

Ayesh 10 hours ago

It's been a long time so this is my fading memory, but CAs used to generate a private key on their end and let you download both private key and the certificate containing the public key. The non-technical person who paid big money for the certificate then emails the zip file to the developer. That's when StartTLS wasn't that big back then either.

Just comically bad way to obtain certs.

j16sdiz 7 hours ago

Many CA have in browser javascript-based private key generation.
(Of course the same page have GoogleAnalytics and facebook button -- otherwise it would be too secure.)

merpkz 6 hours ago

As a sysadmin in 2020 - 2024 time frame I used to do that all the time at my previous job, got a strong openlssl cli game going whenever needed to generate a new csr for existing key or new key and shovel an exact amount of SANs into the CSR too. Lot of time wasted. There were also a certain set of customers for which we managed systems and they insisted for it to be done this way as something free on the internet is not to be trusted. Oh well, strange times.

noAnswer 11 hours ago

Would be cool to have it for S/MIME too.

amatecha 12 hours ago

Ah man, I remember those days. So tedious!

par 13 hours ago

i was doing this until a couple years back when a friend told me about LetsEncrypt! It's like magic!!