Hi Team, With the next reduction in Certificate Lifetime looming, I wondered if it is possible to integrate other Certificate providers like DigiCert directly with LiquidFiles. Is there anything planned? Or do you have other ways to automate the management of Certificates within the appliance? Best Regards Luke
Hi Luke, At the moment anything is planned, but it's quite probable when the certificate lifetime will gradually decrease to the currently declared 47 days in next several years then traditional CAs will likely have to implement the ACME mechanism for automatic renewals and it's probable we will implement it in the LF appliance as well. To complete the information, currently planned certificate max lifetime is following: from 15. 3. 2026 up to 200 days from 15. 3. 2027 up to 100 days from 15. 3. 2029 up to 47 days max.
Hi David, Thank you for sharing your input. Since it was standardised, more CAs have implemented or are implementing the ACME protocol. I guess that's a win Are there other possibilities to automatically manage the Certificates in LiquidFiles now, just to have a Plan B? Best Regards Luke
Yes currently the option is Let's Encrypt. In LF appliance the ACME validation is available basically since beginning with Let's Encrypt certificate. https://docs.liquidfiles.com/certificates/lets_encrypt.html
Hi David, I get that, and it's a great way to secure your appliance hassle-free. However, sometimes clients do not want to use Let's Encrypt and favour a traditional CA for various reasons. Until now, we managed those certificates manually, but with the announced changes to the maximum lifetime, this is no longer viable, and we are gathering info on what is possible. That's why I opened this thread. - Will LiquidFiles open its ACME implementation to support other CAs that support ACME (e.g. DigiCert, Comodo or GlobalSign)? - If not, are there other options to hook our Cert management tools into LiquidFiles?
It's quite probable scenario that with the short certificate lifetime the automatic validation will be needed for traditional CA as well. When we have some information how this will practically work in LF appliance and with traditional CAs it will be announced.
