I like to see built in support for Let's Encrypt (https://letsencrypt.org/) all user/device facing interface in Groupwise like web access, gms etc.
You can ofcource allready use Let's Encrypt certificates so what's i needed is a mechanism for automatically monthly update of the certificates.
/Lennart
by: Lennart J. | over a year ago | Other
Comments
Ability to use any PGP/GPG process would be great...there are several tools out there that can help manage PGP/GPG infrastructure...so simply the ability to import/update the keys and utilitze for signing/encryption.
I too would like to see it baked in as an option.
dsapp now has some support for implementing Let's Encrypt for GMS. As for Webaccess, it is strait forward apache that handles the encryption which is well documented at Let's Encrypt.
As for the rest of the agent to agent (POA, MTA, etc..) I think it could be done and not to dissimilar to how I've already done it in GMS (just before it was added to dsapp) so some scripting work and testing is in order by anyone who wants to create a CoolSolution.
@HutcH H you want to check out the other Idea 1384
This idea is about the SSL/TLS encryption among the agents, where as PGP/GPG is client to client that Idea 1384 addresses and could use your vote. These two encryption methods are totally separate but complimentary.
https://ideas.microfocus.com/MFI/mf-gw/Idea/Detail/1384
Is this really necessary? I would just put a reverse proxy in front and handle all the certificate stuff at the proxy level.
Let's Encrypt is able to do the certificate-refresh just using bash / python scripting. So I'm using a cronjob asking once a week for a new certificate - inluding propagation to GW mobility service and sending error messages in case of an unexpected Let's Encrypt messages.