Greetings Colleagues, I would like to encrypt the domain of my library's OPAC and staff interface using Let's Encrypt. Are there any issues with Let's Encrypt and Koha which I should know about? Thank you, Christopher Davis Systems & E-Services Librarian Uintah County Library cgdavis@uintah.utah.gov (435) 789-0091 <14357890091> ext.261 uintahlibrary.org basinlibraries.org facebook.com/uintahcountylibrary instagram.com/uintahcountylibrary
It works like a charm :-D El vie., 22 sept. 2017 a las 15:57, Christopher Davis (< cgdavis@uintah.utah.gov>) escribió:
Greetings Colleagues,
I would like to encrypt the domain of my library's OPAC and staff interface using Let's Encrypt. Are there any issues with Let's Encrypt and Koha which I should know about?
Thank you,
Christopher Davis Systems & E-Services Librarian Uintah County Library cgdavis@uintah.utah.gov (435) 789-0091 <14357890091 <(435)%20789-0091>> ext.261 uintahlibrary.org basinlibraries.org facebook.com/uintahcountylibrary instagram.com/uintahcountylibrary _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
-- Tomás Cohen Arazi Theke Solutions (https://theke.io <http://theke.io/>) ✆ +54 9351 3513384 GPG: B2F3C15F
Hi, Unless you need EV which LE obviously doesn't do and SNI is good enough for you, LE should be OK. FWIW I've been using LE certs on all my servers for about a year, without any issues. hth -indranil -- Indranil Das Gupta L2C2 Technologies Phone : +91-98300-20971 WWW : http://www.l2c2.co.in Blog : http://blog.l2c2.co.in IRC : indradg on irc://irc.freenode.net Twitter : indradg On Sat, Sep 23, 2017 at 12:27 AM, Christopher Davis <cgdavis@uintah.utah.gov> wrote:
Greetings Colleagues,
I would like to encrypt the domain of my library's OPAC and staff interface using Let's Encrypt. Are there any issues with Let's Encrypt and Koha which I should know about?
Thank you,
Christopher Davis Systems & E-Services Librarian Uintah County Library cgdavis@uintah.utah.gov (435) 789-0091 <14357890091> ext.261 uintahlibrary.org basinlibraries.org facebook.com/uintahcountylibrary instagram.com/uintahcountylibrary _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
Indranil, Thank you for your message regarding Let's Encrypt. I know that DV means "Domain Verification", but what does EV mean? I also have no Idea what SNI means. Bashfully your, Christopher Davis Systems & E-Services Librarian Uintah County Library cgdavis@uintah.utah.gov (435) 789-0091 <14357890091> ext.261 uintahlibrary.org basinlibraries.org facebook.com/uintahcountylibrary instagram.com/uintahcountylibrary On Fri, Sep 22, 2017 at 1:05 PM, Indranil Das Gupta <indradg@gmail.com> wrote:
Hi,
Unless you need EV which LE obviously doesn't do and SNI is good enough for you, LE should be OK.
FWIW I've been using LE certs on all my servers for about a year, without any issues.
hth -indranil -- Indranil Das Gupta L2C2 Technologies
Phone : +91-98300-20971 WWW : http://www.l2c2.co.in Blog : http://blog.l2c2.co.in IRC : indradg on irc://irc.freenode.net Twitter : indradg
On Sat, Sep 23, 2017 at 12:27 AM, Christopher Davis <cgdavis@uintah.utah.gov> wrote:
Greetings Colleagues,
I would like to encrypt the domain of my library's OPAC and staff interface using Let's Encrypt. Are there any issues with Let's Encrypt and Koha which I should know about?
Thank you,
Christopher Davis Systems & E-Services Librarian Uintah County Library cgdavis@uintah.utah.gov (435) 789-0091 <14357890091> ext.261 uintahlibrary.org basinlibraries.org facebook.com/uintahcountylibrary instagram.com/uintahcountylibrary _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
Hi Christopher, On Sat, Sep 23, 2017 at 12:49 AM, Christopher Davis <cgdavis@uintah.utah.gov> wrote:
Indranil,
Thank you for your message regarding Let's Encrypt. I know that DV means "Domain Verification", but what does EV mean? I also have no Idea what SNI means.
EV stands for extended validation, it is more involved and expensive and required verification and validation of the legal entity *owning* the said domain, over and above the DV part you referred to. The key difference between DV and EV certs is that DV certs do not assure that any particular legal entity is connected to the certificate, even if the domain name may imply a particular legal entity controls the domain, whereas EV does that. You can think of SNI being somewhat similar to HTTP's name-based virtual hosting, but for https. It basically allows a server to present multiple certs on the same IP and port for multiple websites. More here - https://en.wikipedia.org/wiki/Server_Name_Indication hth Indranil
Bashfully your,
Christopher Davis Systems & E-Services Librarian Uintah County Library cgdavis@uintah.utah.gov (435) 789-0091 ext.261 uintahlibrary.org basinlibraries.org facebook.com/uintahcountylibrary instagram.com/uintahcountylibrary
On Fri, Sep 22, 2017 at 1:05 PM, Indranil Das Gupta <indradg@gmail.com> wrote:
Hi,
Unless you need EV which LE obviously doesn't do and SNI is good enough for you, LE should be OK.
FWIW I've been using LE certs on all my servers for about a year, without any issues.
hth -indranil -- Indranil Das Gupta L2C2 Technologies
Phone : +91-98300-20971 WWW : http://www.l2c2.co.in Blog : http://blog.l2c2.co.in IRC : indradg on irc://irc.freenode.net Twitter : indradg
On Sat, Sep 23, 2017 at 12:27 AM, Christopher Davis <cgdavis@uintah.utah.gov> wrote:
Greetings Colleagues,
I would like to encrypt the domain of my library's OPAC and staff interface using Let's Encrypt. Are there any issues with Let's Encrypt and Koha which I should know about?
Thank you,
Christopher Davis Systems & E-Services Librarian Uintah County Library cgdavis@uintah.utah.gov (435) 789-0091 <14357890091> ext.261 uintahlibrary.org basinlibraries.org facebook.com/uintahcountylibrary instagram.com/uintahcountylibrary _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
Thanks Indranil, that totally makes sense now. Let's Encrypt will save my institution a notable sum of money. Christopher Davis Systems & E-Services Librarian Uintah County Library cgdavis@uintah.utah.gov (435) 789-0091 <14357890091> ext.261 uintahlibrary.org basinlibraries.org facebook.com/uintahcountylibrary instagram.com/uintahcountylibrary On Fri, Sep 22, 2017 at 1:30 PM, Indranil Das Gupta <indradg@gmail.com> wrote:
Hi Christopher,
On Sat, Sep 23, 2017 at 12:49 AM, Christopher Davis <cgdavis@uintah.utah.gov> wrote:
Indranil,
Thank you for your message regarding Let's Encrypt. I know that DV means
"Domain Verification", but what does EV mean? I also have no Idea what SNI means.
EV stands for extended validation, it is more involved and expensive and required verification and validation of the legal entity *owning* the said domain, over and above the DV part you referred to. The key difference between DV and EV certs is that DV certs do not assure that any particular legal entity is connected to the certificate, even if the domain name may imply a particular legal entity controls the domain, whereas EV does that.
You can think of SNI being somewhat similar to HTTP's name-based virtual hosting, but for https. It basically allows a server to present multiple certs on the same IP and port for multiple websites. More here - https://en.wikipedia.org/wiki/Server_Name_Indication
hth Indranil
Bashfully your,
Christopher Davis Systems & E-Services Librarian Uintah County Library cgdavis@uintah.utah.gov (435) 789-0091 ext.261 uintahlibrary.org basinlibraries.org facebook.com/uintahcountylibrary instagram.com/uintahcountylibrary
On Fri, Sep 22, 2017 at 1:05 PM, Indranil Das Gupta <indradg@gmail.com>
wrote:
Hi,
Unless you need EV which LE obviously doesn't do and SNI is good enough for you, LE should be OK.
FWIW I've been using LE certs on all my servers for about a year, without any issues.
hth -indranil -- Indranil Das Gupta L2C2 Technologies
Phone : +91-98300-20971 WWW : http://www.l2c2.co.in Blog : http://blog.l2c2.co.in IRC : indradg on irc://irc.freenode.net Twitter : indradg
On Sat, Sep 23, 2017 at 12:27 AM, Christopher Davis <cgdavis@uintah.utah.gov> wrote:
Greetings Colleagues,
I would like to encrypt the domain of my library's OPAC and staff
interface
using Let's Encrypt. Are there any issues with Let's Encrypt and Koha which I should know about?
Thank you,
Christopher Davis Systems & E-Services Librarian Uintah County Library cgdavis@uintah.utah.gov (435) 789-0091 <14357890091> ext.261 uintahlibrary.org basinlibraries.org facebook.com/uintahcountylibrary instagram.com/uintahcountylibrary _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
participants (3)
-
Christopher Davis -
Indranil Das Gupta -
Tomas Cohen Arazi