[
https://issues.jboss.org/browse/WFCORE-3396?page=com.atlassian.jira.plugi...
]
Farah Juma commented on WFCORE-3396:
------------------------------------
bq. I think tests well cover the area. However it would be better if tests were located in
WFCore/WF for testing Elytron subsystem part as well.
There are similar tests in WildFly Core as well for testing the Elytron subsystem part
(see {{org.wildfly.extension.elytron.CertificateAuthoritiesTestCase}} and
{{org.wildfly.extension.elytron.KeyStoresTestCase}}).
{quote}Several questions which pop up:
* what is maintability of mock messages. For new version clone of test will be
created?{quote}
Let's Encrypt's ACME v2 API should be fairly stable now as their latest draft of
the spec (draft-ietf-acme-acme-12) is in the process of becoming an RFC.
If new versions are introduced, we would need to update the mock messages in the relevant
tests accordingly.
bq. How are we going to deal with new versions of Lets Encrypt API. Does LE keep backward
compatibility?
Let's Encrypt hasn't explicitly mentioned their compatibility plans going forward.
However, when introducing the new ACME v2 API, they used a separate endpoint so that
clients relying on their v1 API would still work successfully and have lots of time to
update to the newer version. There are many third-party clients that are now implementing
their v2 API so they would probably do something similar if they introduce a non-backwards
compatible version in the future.
Provide certificate authority integration
-----------------------------------------
Key: WFCORE-3396
URL:
https://issues.jboss.org/browse/WFCORE-3396
Project: WildFly Core
Issue Type: Feature Request
Components: Security
Affects Versions: 4.0.0.Alpha2
Reporter: Martin Choma
Assignee: Farah Juma
Let's Encrypt provide API to fully automate (gain/renew) certificate retrieval using
ACME protocol. Integrate this capability into wildfly.
This can simplify administrator work. No need to perform certification renewal routine
tasks.
This is follow up on WFCORE-3305 and piece of bigger task "Simplify SSL
configuration in wildfly". That said it is just "User experience" issue.
Administrator still can work with Let's Encrypt by third party client and just
reference wildfly to this certificate.
[1] Latest draft:
https://tools.ietf.org/html/draft-ietf-acme-acme-10
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)