Built-in ACME Client
Ally Member
As you know, CA/B Forum has voted to shorten validity period for SSL/TLS certificates.
Current:
Public SSL/TLS certificates currently have a maximum validity of 13 months (approximately 398 days).
Upcoming Changes:
2026: Maximum validity will be reduced to 200 days.
2027: Maximum validity will be further reduced to 100 days.
2029: Maximum validity will be 1.5 months (approximately 47 days).
With shorter validity periods, automation will be the key, therefore ACME client (Certbot, etc) in Zyxel uOS is paramount to efficient and secure management.
This should be integrated rather sooner than later.
Comments
-
Hi @bbp ,
Thank you for sharing this information.
Please note that our certificates are self-signed by default, not a public Certificate Authority (CA).
In other words, if there is such an application, it is applied in the public CA, not through the Firewall.
0 -
Yes, but many organizations are using CA signed and issued certificates for their assets like routers, switches, printers, etc. Installing certificates once per year is not a problem, but doing that manually every 47 days is not feasible. We need "Automatic Certificate Management Environment" (ACME) for renewal and installation of certificates.
There are great many open source ACME clients that could easily be implemented into uOS.
ACME info: https://datatracker.ietf.org/doc/html/rfc8555
0 -
Hi @bbp ,
Thank you for your feedback. We will evaluate this feature.
0
Zyxel Employee
Categories
- All Categories
- 429 Beta Program
- 2.6K Nebula
- 163 Nebula Ideas
- 112 Nebula Status and Incidents
- 6K Security
- 350 USG FLEX H Series
- 291 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.6K Consumer Product
- 261 Service & License
- 407 News and Release
- 87 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.8K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 82 Security Highlight
