When Let’s Encrypt <https://letsencrypt.org/howitworks/>
based on ACME
(Automated Certificate Management Environment) spec launches in mid-2015,
enabling HTTPS for any site will be as easy as installing a small piece of
certificate management software on the server:
$ sudo apt-get install lets-encrypt
$ lets-encrypt example.com
That’s all there is to it! https://example.com
is immediately live.
Automatic renew and on demand revocation are equally easier.
A sample let's encrypt SSL client demo is here
;. For documentation, check here
Let's encrypt is free, open and automated with out of box support for
apache/nginx and standalone support for other web servers. It automatically
configures an app deployed on apache or nginx with a single command with
absolute no human intervention. Its stand alone mode (for other web
servers) generates SSL cert for the app(domain) which can be manually
configured/installed or a better method will be installation via an
automated script(like for keycloak server). Currently, Let’s Encrypt
provides a developer preview only intended for testers and developers. It,
at present installs certs signed by the TEST CA, which might generate
exception warnings in client browsers. But, they have announced to come out
with final solution by Mid 2015.
As Keycloak will be requiring SSL, let's encrypt standalone support with a
script for automatic installation of cert on keycloak/wildfly server might
come out as one easier rescue.
Department of Computer Science
National Institute of Technology Hamirpur
Himachal Pradesh, India 177005