Zack Newman wrote:
> There was a thread[^1] early this year on @tech talking about this.
> The fact IP addresses could be issued an X.509 v3 certificate was not
> explicitly mentioned, but there was talk about short-lived certs and
> more generally the notion of "profiles".
>
> Stuart replied a few months back on that thread talking about a "slight
> issue", but it seems to me that acme-client(1) will eventually have this
> ability. I presume this includes support for IP addresses, but I
> obviously can't speak on behalf of Stuart and company.
>
> [^1]: https://marc.info/?l=openbsd-tech&m=173659382332551&w=2
Thanks for finding this - I searched the lists but didn't turn up anything.
Might play around with this patch a bit - good to prepare for when they
eventually roll out the inevitable 60 second certificate lifetimes...
No comments:
Post a Comment