Let's Encrypt

"Let’s Encrypt is a new Certificate Authority: It’s free, automated, and open."[1]

The idea would be to integrate the openSUSE/SLE support into the Let's Encrypt Client.

"The Let's Encrypt Client is a tool to automatically receive and install X.509 certificates to
enable TLS on servers. The client will interoperate with the Let's Encrypt CA which will be
issuing browser-trusted certificates for free."[2]

Let's Encrypt uses the Automated Certificate Management Environment (ACME) protocol[3]
to distribute certificates easily. Part of this project idea would be to understand the protocol
in detail.

From the Let's Encrypt blog[4]:

Nov 12, 2015
Public Beta: December 3, 2015
Let’s Encrypt will enter Public Beta on December 3rd, 2015. Once 
we’ve entered Public Beta our systems will be open to anyone who
would like to request a certificate.

Looking for hackers with the skills:

x509 certificate tls encryption acme

This project is part of:

Hack Week 13

Activity

  • about 9 years ago: msmeissn joined this project.
  • about 9 years ago: johannes_p joined this project.
  • about 9 years ago: bmwiedemann joined this project.
  • about 9 years ago: abergmann joined this project.
  • about 9 years ago: markgard started this project.
  • about 9 years ago: abergmann originated this project.

  • Comments

    • Jedibeeftrix
      about 9 years ago by Jedibeeftrix | Reply

      This would be an immensely valuable project for Leap users. Setting up an ownCloud (or similar) server is trivial. Enabling HTTPS is an ugly and painful process right now. This would help greatly.

    • osukup
      about 9 years ago by osukup | Reply

      I added for Letsencrypt bootstrap for openSUSE, but in SLE there isn't a python-virtualenv package :(

    • abergmann
      about 9 years ago by abergmann | Reply

      Yah, I've managed to pull my first Let's Encrypt certificate last night. ;-)

       Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X1
       Validity
           Not Before: Dec  3 21:29:00 2015 GMT
           Not After : Mar  2 21:29:00 2016 GMT
      

    • lnussel
      about 9 years ago by lnussel | Reply

      http://blog.fefe.de/?ts=a89f4ed6
      https://community.letsencrypt.org/t/list-of-client-implementations/2103
      Might be worth looking at e.g. https://github.com/lukas2511/letsencrypt.sh and doing a clean and small C implementation.

    • abergmann
      about 9 years ago by abergmann | Reply

      It's true, the Python footprint of the official tools is quite intense to say the least. So a slender implementation would be a better approach to get this on as many platforms as possible. Digging into this... ;-)

    • msmeissn
      about 9 years ago by msmeissn | Reply

      320148: integrate letsencrypt

    • msmeissn
      about 9 years ago by msmeissn | Reply

      (I also opened: FATE#320148: integrate letsencrypt)

    • bmwiedemann
      about 9 years ago by bmwiedemann | Reply

      I had good success with https://github.com/diafygi/acme-tiny and my helper /suse/bwiedemann/Export/contrib/Makefile

    • dmolkentin
      about 7 years ago by dmolkentin | Reply

      It's done. SLE/openSUSE 15 will have letsencrypt support through dehydrated, a client that comes with less baggage than the official one, as well as a bunch of useful enabler scripts.

    Similar Projects

    Kanidm: A safe and modern IDM system by firstyear

    Kanidm is an IDM system written in Rust for modern systems authentication. The GitHub repo has a detailed "getting started" in the README.

    Kanidm Github

    In addition, Kanidm has spawned a number of adjacent projects in the Rust ecosystem such as LDAP, Kerberos, Webauthn, and cryptography libraries.

    In this hack week, we'll be working on Quokca, a certificate authority that supports PKCS11/TPM storage of keys, issuance of PIV certificates, and ACME without the feature gatekeeping implemented by other CAs like smallstep.

    For anyone who wants to participate in Kanidm, we have documentation and developer guides which can help.

    I'm happy to help and share more, so please get in touch!


    Hack on libstrophe by sjaeckel

    Description

    libstrophe has some open PRs and issues that I'd like to work on and finalize.

    Since libstrophe is also targeted for embedded devices, it would make sense to have support for mbedTLS.

    Also, I've recently discovered rustls as a TLS library. If time allows, I'd like to integrate that into libstrophe.

    Goals

    • Merge most open PRs

    Maybe

    • Add mbedTLS as TLS provider
    • Add rustls as TLS provider

    Resources

    https://github.com/strophe/libstrophe

    https://github.com/rustls/rustls