Line 16: |
Line 16: |
| <br> | | <br> |
| For additional information, please see [[Media:Recommendations for TLS Server Certificates.pdf|Recommendations for TLS Server Certificates]] for GC Public Facing Web Services or contact TBS-CIOB Cybersecurity ([mailto:zzTBSCybers@tbs-sct.gc.ca zzTBSCybers@tbs-sct.gc.ca]) | | For additional information, please see [[Media:Recommendations for TLS Server Certificates.pdf|Recommendations for TLS Server Certificates]] for GC Public Facing Web Services or contact TBS-CIOB Cybersecurity ([mailto:zzTBSCybers@tbs-sct.gc.ca zzTBSCybers@tbs-sct.gc.ca]) |
| + | |
| + | <br> |
| + | ===Automated Certificate Management Engine (ACME)=== |
| + | RFC 8555: Automatic Certificate Management Environment<br> |
| + | Public Key Infrastructure using X.509 (PKIX) certificates are used for a number of purposes, the most significant of which is the authentication of domain names. Thus, certification authorities (CAs) in the Web PKI are trusted to verify that an applicant for a certificate legitimately represents the domain name(s) in the certificate. As of this writing, this verification is done through a collection of ad hoc mechanisms. This document describes a protocol that a CA and an applicant can use to automate the process of verification and certificate issuance. The protocol also provides facilities for other certificate management functions, such as certificate revocation. |
| <br><br> | | <br><br> |
| + | For details, see the IETF document here: https://tools.ietf.org/html/rfc8555 |
| + | <br><br> |
| + | From the Datatracker, published 2019-03-12: https://datatracker.ietf.org/doc/rfc8555/ |
| + | |
| + | <br> |
| ===Wildcard Certificates=== | | ===Wildcard Certificates=== |
| It is recognized that wildcard certificates offer several advantages and they may be used where appropriate, however it should be recognized that wildcard certificates may introduce certain risks depending on how they are used. | | It is recognized that wildcard certificates offer several advantages and they may be used where appropriate, however it should be recognized that wildcard certificates may introduce certain risks depending on how they are used. |
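Review bot: The new heading expands ACME as "Automated Certificate Management Engine", while the line directly under it gives the RFC 8555 title as "Automatic Certificate Management Environment"; the heading should use the RFC's wording. The paragraph that follows reads as the RFC abstract carried over unchanged ("As of this writing", "This document describes a protocol"), so on this page "this document" appears to refer to the wiki guidance rather than to RFC 8555; mark it as a quotation from the RFC or reword it in the page's own voice. The section gives two links to the same RFC and, unlike the Wildcard Certificates section after it, states no recommendation on where ACME may or should be used for GC public-facing web services; a sentence of guidance and a single reference link would make the addition actionable.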
Line 32: |
Line 42: |
| Download the Recommendations for TLS Server Certificates.pdf: | | Download the Recommendations for TLS Server Certificates.pdf: |
| [[File:Pdf icon.png|75px|left|link=https://wiki.gccollab.ca/images/8/89/Recommendations_for_TLS_Server_Certificates.pdf]] | | [[File:Pdf icon.png|75px|left|link=https://wiki.gccollab.ca/images/8/89/Recommendations_for_TLS_Server_Certificates.pdf]] |
− | <br><br>
| |
− | <br>
| |
| <br><br> | | <br><br> |
| | | |