We all know about the goodness of SSL. CRM Online and On-premises IFD deployments won’t work without it. However, when it comes to creating and consuming web services, people become incredibly lax about using SSLs and happy to transmit even confidential information using plain http. Excuse is usually down the “who needs this information anyway” lines:
What kind of hacker would want to access an x-ray image of your right foot?
Another frequently cited excuses has always been cost of SSL certificates. Let’s be honest – majority of providers did bugger all to verify the identities, or provide any services in addition to issuing a certificate, and then charged exorbitant prices for simple SSL certificates and then some more for the wildcard versions.
Well, you have just run out of excuses. https://letsencrypt.org/ is a new Certificate Authority: free, automated, and open. Go ahead and generate your own certificates as needed.
Before plunging in head-first, few things to consider:
- Wildcard certificates are not supported yet. While you can have up to 100 alternative domain names on a single certificate, some scenarios, IFD of CRM in particular, are much easier to handle with a wildcard.
- Let’s Encrypt certificates currently have a 90-day lifetime. There are a lot of arguments pros and cons but the bottom line is that, at the moment, in the IIS-bound world CRMers live in, there is an additional overhead to renew.
- Let’s Encrypt certificates cannot be used for code signing or email encryption. Nope, SSL/TLS only.
- They do not store private keys. Lost the key? 90-days lifetime suddenly looks very appealing.
- Let’s Encrypt has no plans to issue EV (Extended Validation) or OV (Organization Validation) certificates at this time.