Comments (4)
Short question: Do you use Let‘s Encrypt?
Because Let‘s Encrypt is currently submitting the signed certificate to the logs and give you a certificate with the act embedded. So you might not need this module if your current certs have the sct‘s embedded. If you do not know how to do this let me know :)
More infos: https://www.certificate-transparency.org/how-ct-works
from nginx-ct.
You can verify it by the issue date. If it is after 29 March it should have it; if not you can renew it if you want it. Do you want to deploy expect-ct or what is your intention behind it?
https://community.letsencrypt.org/t/signed-certificate-timestamps-embedded-in-certificates/57187/3
from nginx-ct.
Hi @Knight1
Thanks for the reply and for the observation.
Yes, I do use Let's Encrypt with certbot.
I did use this website https://cryptoreport.websecurity.symantec.com/checker/ to verify my CT and it tells me
- Certificate Transparency: Not embedded in certificate
But how can I check if my certificate already have the sct's embedded?
Should I just renew it?
from nginx-ct.
I understand.
Well, currently my webapp product is running in a lot of customers that are instructed to use Chrome for better experience and I do not want them to face any kind of "insecure website" or something.
I just knew about this CT a few days ago and I'm trying make everything works fine. But I think on the next renewall that's should be fine.
Thanks a lot for your help and attention. Much appreciated.
from nginx-ct.
Related Issues (20)
- TLS 1.3 support HOT 1
- Automated tests
- 421 Response from nginx when certs and /path/to/scts defined in "http" and using client certificate HOT 6
- This doesn’t compile against OpenSSL 1.1.1 branch draft-18 of TLS 1.3 HOT 3
- Detect does not work with dynamic mail and stream HOT 1
- Error whilst compiling nginx-ct with Openssl 1.1.1-dev (tls1.3-draft-18)
- Building with nginx 13.3.3 HOT 4
- No .so file found HOT 2
- Cann't build with this module HOT 1
- Mail and Stream ssl_ct modules not compiling? HOT 1
- Using ngx_mail_ssl_ct_module HOT 2
- Compile nginx (1.13.7) + openssl (tls1.3-draft-18) + nginx-ct HOT 2
- ngx_ssl_ct_module.so is not binary compatible HOT 2
- error with last chrome and openssl HOT 1
- generating errors with some older browsers. as result, page not displayed. HOT 1
- Variable support
- undefined symbol: ngx_modules HOT 1
- undefined symbol: SSL_CTX_add_custom_ext
- undefined symbol: ngx_ssl_ct_create_srv_conf HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nginx-ct.