HackerTrans
トップ新着トレンドコメント過去質問紹介求人

Ask HN: How are you preparing for upcoming short-lived SSL renewals?

7 ポイント·投稿者 froil·10 か月前·9 コメント
Any new tools or services or saas you are exploring? Every company have myraid of requirements and stuff. Anyone building new solution?

10 コメント

weddpros·10 か月前
I built https://SSLboard.com to manage your certificates at any scale and see what’s deployed, where and how. It’s using Certificate Transparency to inventory your certificates so it requires minimal input but provides a complete audit of deployed certificates.

Automation isn't enough: qualys.com (famous for SSLLabs.com) is currently serving an expired certificate (expired 8 days ago). They know their job very well, but without a tool to thoroughly and systematically inventory your certificates, you'll miss it.
froil·10 か月前
Thanks
comprev·10 か月前
Not building anything but I'm helping other teams work on their automation to improve rotation processes.

A surprising number of Ops colleagues have almost zero exposure to IaC and the short-lived certificates on the horizon has been the necessary catalyst to change this.
froil·10 か月前
What are you using for automation? Blend of terraform , ansible?
comprev·10 か月前
Yes, mostly those two. Many staff didn't know the systems had an API as they don't really have much development experience - just a long career in clickops/Windows.

Only now are their roles morphing to include programming and, understandably, it's occasionally a daunting steep learning curve for them.
kbrannigan·10 か月前
Any more info regarding that. What does that mean?
galaxy_gas·10 か月前
As of March 15, 2026, the maximum lifetime for a TLS certificate will be 200 days.

As of March 15, 2027, the maximum lifetime for a TLS certificate will be 100 days.

As of March 15, 2029, the maximum lifetime for a TLS certificate will be 47 days.

As of March 15, 2026, the maximum period during which domain validation information may be reused is 200 days.

As of March 15, 2027, the maximum period during which domain validation information may be reused is 100 days.

As of March 15, 2029, the maximum period during which domain validation information may be reused is 10 days.

https://groups.google.com/a/groups.cabforum.org/g/servercert...
admissionsguy·10 か月前
Wow, I love the vibe the voting by companies give. Could see this kind of governance expand to other areas.
[deleted]·10 か月前
galaxy_gas·10 か月前
Already using acme