263
edits
Changes
Jump to navigation
Jump to search
mLine 5:
Line 5: − +
GC HTTPS Certificate Guidance (view source)
Revision as of 10:08, 25 October 2018
, 10:08, 25 October 2018→Certificate Recommendations and Guidance
While there are many technical details within the report that are not captured in this brief summary, the most important recommendations are:
While there are many technical details within the report that are not captured in this brief summary, the most important recommendations are:
* Domain Validated (DV) server certificates are recommended for use by GC public facing websites. While the use of Organization Validated (OV) and Extended Validation (EV) certificates is not precluded, DV certificates are preferred due to their lower cost, the ability to support automated certificate issuance, and the fact that DV certificates provide the same level of security between the web browser and web server as OV and EV certificates.
* Domain Validated (DV) server certificates are recommended for use by GC public facing websites. While the use of Organization Validated (OV) and Extended Validation (EV) certificates is not precluded, DV certificates are preferred due to their lower cost, the ability to support automated certificate issuance, and the fact that DV certificates provide the same level of security between the web browser and web server as OV and EV certificates.
* The use of the free service provided by Let’s Encrypt is recommended for obtaining DV certificates combined with the use of compatible certificate management agents. If used, OV and EV certificates should be obtained from SSC (contact [mailto:ssc.ssltls.spc@canada.ca ssc.ssltls.spc@canada.ca]) in order to take advantage of the reduced pricing from an approved CA vendor.
* The '''use of the free service provided by Let’s Encrypt is recommended''' for obtaining DV certificates combined with the use of compatible certificate management agents (e.g.: https://digital.canada.ca/). If used, OV and '''EV certificates should be obtained from SSC''' (contact [mailto:ssc.ssltls.spc@canada.ca ssc.ssltls.spc@canada.ca]) in order to take advantage of the reduced pricing from an approved CA vendor.
<br>
<br>
For additional information, please see [[Media:Recommendations for TLS Server Certificates.pdf|Recommendations for TLS Server Certificates]] for GC Public Facing Web Services or contact TBS-CIOB Cybersecurity ([mailto:zzTBSCybers@tbs-sct.gc.ca zzTBSCybers@tbs-sct.gc.ca])
For additional information, please see [[Media:Recommendations for TLS Server Certificates.pdf|Recommendations for TLS Server Certificates]] for GC Public Facing Web Services or contact TBS-CIOB Cybersecurity ([mailto:zzTBSCybers@tbs-sct.gc.ca zzTBSCybers@tbs-sct.gc.ca])
