Bug 131 - TLS: support for ACME (Let's Encrypt certificates)
Status: NEW
Alias: None
Product: repro
Classification: Unclassified
Component: proxy
Version: unspecified
Hardware: All All
Importance: P1 enhancement
Assignee: Owner of all unassigned bugs
URL:
Keywords:
Depends on: 130
Blocks:
Reported: 2016-08-05 09:00 CDT by Daniel Pocock
Modified: 2016-08-05 09:01 CDT

Description Daniel Pocock 2016-08-05 09:00:44 CDT
Automatic Certificate Management Environment (ACME) automates the provisioning and renewal of TLS certificates.

It is used by the Let's Encrypt CA.

It appears extremely useful for highly-available, secure federated SIP and SIP over the public Internet.

To support automatic provisioning and certificate renewal, server processes (such as SIP proxies and HTTPS servers) need to support one of the mechanisms for Domain Validation in the ACME spec:

https://letsencrypt.github.io/acme-spec/#rfc.section.7

The DVSNI method may be a good choice for reSIProcate / repro.

One specific concern is that DVSNI validates the names having A/AAAA records. In a SIP environment, there are usually NAPTR and SRV records; they are not currently supported in the ACME spec.