Tuesday, December 13, 2016

cacert and letsencrypt differences

A few differences exists between these 2 open Certificate Authorities  ( aka CA ) , &  I will try to list a few of these differences



  • is open and follows the typical open community approach
  • inclusion is small, almost no modern browser trust them ( it's really self-Sign imho )
  • issues certificate at 6month intervals 
  • has one of the easiest of domain_validation based on ICANN or whois data
  • does not use any on host software or applications for management issue or revocation
  • very good CA if you don't care for established trust-anchor and are testing SSL/TLS certificate
  • cares less about FQDN being real ( you can issue a certificate for a FQDN that is not alive or even  exists )
  • does scrutinize the CSR details 
  • requires domain validation 
  • much more advance
  • requires more work and dependencies to get it up ( e.g  ACME ) but the end it is worth it!
  • issued at  90days expirations
  • requires a FQDN to be set in "place" and correct
  • inclusion list is strong,  heck way stronger than  cacert ( trusted by quite a few browsers to be specific  )
  • is trusted and trust worthy in the big web CA chain
  • scrutinize CSR details to be correct
  • requires domain validation  ( you  might be able to  issued on internal only ( aka "dot" local )

Let'sEncrypt If your cheap,  on a budget ,  testing a development  site, and need a short stroke issued certificate. This is hands down what you should use.

If you need a internal CA for let's say a "enterprise" org  ,and have no CA built,   have no budgte, have no understanding of CA design, than hands down the  cacert.org is ideal for in these cases.

Knowing and understanding  the differences between these two free CAs , and where one is best suited is a must.

kfelix @ socpuppets.com

NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
        /  \

No comments:

Post a Comment