One Article Review
| Source |  GoogleSec |
|---|---|
| Identifiant | 8315041 |
| Date de publication | 2023-03-02 12:42:15 (vue: 2023-03-02 18:06:35) |
| Titre | Google Trust Services now offers TLS certificates for Google Domains customers |
| Texte | Andy Warner, Google Trust Services, and Carl Krauss, Product Manager, Google DomainsWe're excited to announce changes that make getting Google Trust Services TLS certificates easier for Google Domains customers. With this integration, all Google Domains customers will be able to acquire public certificates for their websites at no additional cost, whether the site runs on a Google service or uses another provider. Additionally, Google Domains is now making an API available to allow for DNS-01 challenges with Google Domains DNS servers to issue and renew certificates automatically.Like the existing Google Cloud integration, Automatic Certificate Management Environment (ACME) protocol is used to enable seamless automatic lifecycle management of TLS certificates. These certificates are issued by the same Certificate Authority (CA) Google uses for its own sites, so they are widely supported across the entire spectrum of devices used to access your services.How do I use it?Using ACME ensures your certificates are renewed automatically and many hosting services already support ACME. If you're running your own web servers / services, there are ACME clients that integrate easily with common servers. To use this feature, you will need an API key called an External Account Binding key. This enables your certificate requests to be associated with your Google Domains account. You can get an API key by visiting Google Domains and navigating to the Security page for your domain. There you'll see a section for Google Trust Services where you can get your EAB Key. Example of EAB Credentials in Google DomainsAs an example, with the popular Certbot ACME client, the configuration to register an account looks like:certbot register --email --no-eff-email --server "https://dv.acme-v02.api.pki.goog/directory" --eab-kid "" --eab-hmac-key ""The EAB_KEY_ID and EAB_HMAC_KEY are both provided on your Google Domains security page.After the account is created, you may issue certificates by running:certbot certonly -d --server "https://dv.acme-v02.api.pki.goog/directory" --standaloneThen fo |
| Notes | ★★ |
| Envoyé | Oui |
| Condensat | these 01acme able access account acme acquire across additional additionally after all allow already andy announce another api are associated authority automate automatic automatically available to before binding key both called can carl center certbot certificate certificates certonly challenge challenges changes client clients cloud integration common complete configuration control cost created credentials customers devices dns domain domains domainsas domainswe download eab easier easily efficient enable enables ensures entire environment example excited existing external feature follow get getting goog/directory google help hmac hosting how https://dv information integrate integration issue issued issuing its key krauss lifecycle like make making management manager many may navigating need now offers own page pki please popular process product prompts protocol provided provider provides public register renew renewed requests running running:certbot runs same seamless section security see server servers service services site sites spectrum standalonethen support supported tls trust use used users uses using v02 validate validation visit visiting warner way web websites where whether widely will you your |
| Tags | |
| Stories | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.