In addition to what Jesse recommends, you can also take a look at using an ACME client located on your network that can get and renew certificates for your entire organization. This is also something I hope to build and demo. But you could use a Linux instance or any server on your network to do the heavy lifting of contacting LE and handling the certificate renewal part and then storing them in a central location so that other servers can access and copy them or use it as a mount point for access.

With expiration periods getting shorter and shorter, and SSL becoming the standard, it may be wise to think more broadly about how to meet all your SSL cert needs for the enterprise.

Pete Helgren
www.petesworkshop.com
GIAC Secure Software Programmer-Java
AWS Certified Cloud Practitioner
Twitter - Sys_i_Geek IBM_i_Geek
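
The "central location that other servers copy from" idea above, sketched as an added example that is not part of the original post: a consuming server checks the pair it finds on the share before installing it. The function names and paths are assumptions; `fullchain.pem` and `privkey.pem` follow certbot's file naming, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example. Paths and function names are assumptions;
# fullchain.pem / privkey.pem follow certbot's file naming.

# validate_pair CERT KEY [MIN_DAYS]: 0 if the pair is safe to install.
validate_pair() {
    cert=$1; key=$2; min_days=${3:-7}
    [ -r "$cert" ] && [ -r "$key" ] || { echo "missing cert or key" >&2; return 1; }
    # The private key on the share must not be readable by group or others.
    # -L follows symlinks, which certbot's live/ directory uses.
    perms=$(ls -lnL "$key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "key permissions too open" >&2; return 2; }
    # Refuse a certificate that is unparsable, expired, or about to expire.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1 \
        || { echo "certificate not valid for $min_days more days" >&2; return 3; }
    # Certificate and key must carry the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] \
        || { echo "key does not match certificate" >&2; return 4; }
}

# install_pair SRC_DIR DEST_DIR: 0 = new pair installed (reload the web server),
# 10 = already current, 1-4 = rejected by validate_pair.
install_pair() {
    src=$1; dest=$2
    validate_pair "$src/fullchain.pem" "$src/privkey.pem" || return $?
    cmp -s "$src/fullchain.pem" "$dest/fullchain.pem" 2>/dev/null && return 10
    (
        umask 077   # new files are created owner-only
        cp "$src/privkey.pem" "$dest/privkey.pem.new" &&
        cp "$src/fullchain.pem" "$dest/fullchain.pem.new" &&
        # rename is atomic within one filesystem, so readers never see half a file
        mv "$dest/privkey.pem.new" "$dest/privkey.pem" &&
        mv "$dest/fullchain.pem.new" "$dest/fullchain.pem"
    )
}

# Typical scheduled use on a consuming server (paths are placeholders):
#   install_pair /mnt/certstore/www.example.com /etc/ssl/www && <reload web server>
```
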

On 8/1/2020 9:20 PM, Jesse Gorzinski wrote:
If you choose to go the nginx route, this sample may help you get started:
https://github.com/IBM/ibmi-oss-examples/tree/master/nginx/ssl_proxy


"OpenSource" <opensource-bounces@xxxxxxxxxxxxxxxxxx> wrote on 08/01/2020 04:05:29 PM:

From: "Roberto José Etcheverry Romero" <yggdrasil.raiker@xxxxxxxxx>
To: IBMi Open Source Roundtable <opensource@xxxxxxxxxxxxxxxxxx>
Date: 08/01/2020 04:06 PM
Subject: [EXTERNAL] Re: [IBMiOSS] LetsEncrypt
Sent by: "OpenSource" <opensource-bounces@xxxxxxxxxxxxxxxxxx>

I'm not certain, but does the Apache on the i use the DCM? or just a certfile like most other instances? If it is the latter you would configure it as any other Apache.
I'm fond of using reverse nginx proxies to add the SSL capabilities to my web servers. If you add routing you can even get by using a single wildcard cert for all of them.
Best Regards,
Roberto

On Sat, Aug 1, 2020 at 5:55 PM Jay Vaughn <jeffersonvaughn@xxxxxxxxx> wrote:
Anyone ever use LetsEncrypt to apply a trusted ssl certificate to IBMi (Apache server). I couldn’t quite determine correct software/system for certbot. Or is there a better method?

I’ve created a signed cert to apply to my server instance using IBM DCM, but it’s not a trusted CA. This is creating a server authentication issue with my external web app trying to make http requests to the IBMi.

Tia
Jay
--
This is the IBMi Open Source Roundtable (OpenSource) mailing list
This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
