263
edits
Changes
Jump to navigation
Jump to search
Line 6:
Line 6: − +
GC HTTPS Certificate Guidance (view source)
Revision as of 13:58, 27 March 2019
, 13:58, 27 March 2019→Certificate Recommendations and Guidance
While there are many technical details within the report that are not captured in this brief summary, the most important recommendations are:
While there are many technical details within the report that are not captured in this brief summary, the most important recommendations are:
<br>
<br>
* '''Domain Validated (DV)''' server certificates are recommended for use by GC public facing. While the use of Organization Validated (OV) and Extended Validation (EV) certificates is not prevented, DV certificates are preferred due to their lower cost, and ability to support automated certificate issuance, for the same level of security between the web browser and web server as OV/EV certificates.
* '''Domain Validated (DV) server certificates are recommended''' for use by GC public facing. While the use of Organization Validated (OV) and Extended Validation (EV) certificates is not prevented, DV certificates are preferred due to their lower cost, and ability to support automated certificate issuance, for the same level of security between the web browser and web server as OV/EV certificates.
* The use of the free service provided by '''Let’s Encrypt is recommended for obtaining DV certificates''' combined with the use of [https://letsencrypt.org/docs/client-options/ compatible ACME certificate management agents] (https://letsencrypt.org/docs/client-options/).
* The use of the free service provided by '''Let’s Encrypt is recommended for obtaining DV certificates''' combined with the use of [https://letsencrypt.org/docs/client-options/ compatible ACME certificate management agents] (https://letsencrypt.org/docs/client-options/).
** '''Note:''' This CA should be chosen by an organization who has the ability to manage their certificates, and does not need 3rd party support in the case of an outage. Let’s Encrypt is very much <u>serve yourself</u>.
** '''Note:''' This CA should be chosen by an organization who has the ability to manage their certificates, and does not need 3rd party support in the case of an outage. Let’s Encrypt is very much <u>serve yourself</u>.
