this post was submitted on 16 Oct 2024
192 points (91.4% liked)

Technology

59116 readers
3258 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
192
Sysadmins slam Apple’s SSL/TLS cert lifespan cuts (www.theregister.com)
submitted 2 weeks ago by misk@sopuli.xyz to c/technology@lemmy.world
82 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] ShortFuse@lemmy.world 11 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Just going to mention my zero-dependency ACME (Let's Encrypt) library: https://github.com/clshortfuse/acmejs

It runs on Chrome, Safari, FireFox, Deno, and NodeJS.

I use it to spin up my wildcard and HTTP certificates. I've personally automated it by having the certificate upload to S3 buckets and AWS Certificates. I wrote a helper for Name.com for DNS validation. For HTTP validation, I use HTTP PUT.

[–] sugar_in_your_tea@sh.itjust.works 7 points 2 weeks ago (1 children)

Why have this run in the browser? Why not just have it run on the server and renew in the background?

[–] ShortFuse@lemmy.world 1 points 2 weeks ago (1 children)

That's what NodeJS and Deno are.

The point of the browser support means it runs on modern Web technologies and doesn't need external binaries (eg: OpenSSL). It can literally run on any JS, even a browser.

[–] sugar_in_your_tea@sh.itjust.works 1 points 2 weeks ago (1 children)

I'm aware, but you led with Chrome, Safari, and Firefox, so it sounded like browser support was the point, so I was curious what the use-case was.

That's still cool though. I personally would've just use Python, since that's generally available everywhere I'd want to run something like this (though Python's built-in HTTP lib isn't nearly as nice as JS's fetch(), I'd want requests).

[–] ShortFuse@lemmy.world 1 points 2 weeks ago (1 children)

I have just dumped code into a Chrome console and saved a cert while in a pinch. It's not best practices of course, but when you need something fast for one-time use, it's nice to have something immediately available.

You could make your own webpage that works in the browser (no backend) and make a cert. I haven't published anything publicly because you really shouldn't dump private keys in unknown websites, but nothing is stopping you from making your own.

[–] sugar_in_your_tea@sh.itjust.works 1 points 2 weeks ago

Any machine I'm on has Python installed, so that's my go-to.