Skip to content
This repository has been archived by the owner on Aug 26, 2021. It is now read-only.

Support ECC Certificates #144

Open
chepurko opened this issue Apr 10, 2017 · 0 comments · May be fixed by #190
Open

Support ECC Certificates #144

chepurko opened this issue Apr 10, 2017 · 0 comments · May be fixed by #190

Comments

@chepurko
Copy link
Contributor

chepurko commented Apr 10, 2017
edited
Loading

This is a feature request. Let's Encrypt supports signing of ECC CSRs. For example with the following process:

$ openssl genpkey -algorithm EC -out key.pem -pkeyopt ec_paramgen_curve:secp384r1
$ openssl req -new -sha256 -key key.pem -out explicit-csr.pem
$ sudo letsencrypt certonly --agree-tos --email '[email protected]' \
  --csr explicit-csr.pem \
  --cert-path cert.pem \
  --fullchain-path fullchain.pem \
  --webroot \
  -w /var/www/ \
  -d www.domain.com -d domain.com

I think the lower overhead of NIST 384-bit curves and it's equivalent RSA strength of 7,680 bits benefits performance and future-proofs the underlying crypto until something better is found...
@frusdelion frusdelion mentioned this issue May 17, 2017
Closed
@frusdelion frusdelion linked a pull request May 25, 2017 that will close this issue
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Supporting ECC Certificates harborfront/kube-lego
Supporting ECC Certificates
1 participant
@chepurko