Yes, it's the protocol[1] proposed by ISRG letsencrypt[2] (under the linux foundation umbrella) that allows automated generation and PKI signing of TLS certificates. For the record, there's a go

Our current policy to our users is SNI by default, i.e. unless they explicitly require non-SNI TLS termination they get SNI termination. We went with this because browser support seems good[1] and

Thank you all for your responses. A follow up question: for the gorouter to host certs for multiple domains, it seems only natural that it would do this via SNI. Is client support for SNI ubiquitous

carlo.ferraris(a)rakuten.com> wrote: Wasn't familiar with ACME until I just googled it. Do you mean some mechanism for automated generation of certs?

Hello Stephen, I am using Windows 10 and I have opened a issue in Github.

It sounds like we are in a similar situation to Carlo, i.e. - We have an external pair of LBs - These are used for SSL termination - We upload SSL certificates to the LBs for various

+1 to user provided certs for private domains. Today, we use multiple vips with diff certs or our main vip with a cert that has multiple SANs. Our goal is for cf operators to really be out of the way

This is ridiculously cool - nice work Persils!

While we're talking about TLS, but this is only partially related, it would be awesome if we were to implement (or some hooks were provided to be able to complete) either the http or tls ACME

We don't have the requirement to use an external secure store, but for that custom terminator component we were thinking to use an external secure store (Vault or something along those lines) to make

Carlo, Mike, others, Do you store certs in the LB config itself, or federate/offload TLS termination to some secure store? I'm thinking about storing user-provided certs in the Routing API and

Persistence! Shannon Coen Product Manager, Cloud Foundry Pivotal, Inc.

Mike, thanks for keeping the ball rolling! For the TLS termination part we are currently using a setup very similar to the one described by Mike. We sit behind a bunch of SLBs that handle termination

Thank you very much. So much awesomeness. -- Odeyemi 'Kayode O. http://ng.linkedin.com/in/kayodeodeyemi. t: @charyorde

An extension point would be more useful than something that only worked on the gorouters. Another thing that mitigates our need for this feature is that most all of our organization's applications

Thanks to all who helped contribute and make this happen! This is fantastic news.

This is great! Something many of my customers have been wanting for a long time. Now to figure out how to integrate it with our NetApp NFS. Mike

Mike, What if the way the gorouters were configured with user-provided certs was a point of extension that could also be used to configure your FLB? How often do you have to manage certs on your LB?

+1 ... this is awesome to see released! Chip Childers VP Technology, Cloud Foundry Foundation 1.267.250.0815

Sweet!!!