I have to enable both server and client certificates. My plan is to use Let's Encrypt for the server and OpenSSL for the client certificate. The reason is that Let's Encrypt only provides server certificates. I know that some commercial providers like DigiCert or GlobalSign provide both server and client certificates, but that is not an option.

I haven't tried yet, but I guess the CA doesn't necessarily have to be the same for both certificates. Can anyone suggest a better idea?

    If you use OpenSSL, you will either have to establish a trusted internal CA or else use self-signed certificates, and ensure that whichever you use is trusted by the server(s). In the end it's cheaper to pay an external CA; then you don't have to overcome any trust issues.

    I wouldn't say that Let's Encrypt only issues server certificates. There is no difference between a server certificate and a client certificate. However, their authentication method requires a web server.