ODK-X’s current default setup for Sync-Client uses Let’s Encrypt. Thoughts?
Update, December 21 2020
Thanks to community feedback and our wonderful partners at IdenTrust, we will be able to continue to offer service without interruption to people using older Android devices. We flagged the content of this blog post that is...
1 Like
I’ve added this topic to the community meeting for next week.
1 Like
Definitely needs discussion. If it were 4.0 or below, I’d say no biggie, but there are still many 5.0 and higher devices out there - and still many brand new low cost devices running 7.x and lower.
2 Likes
FYI… planned changes being discussed in this issue:
opened 04:00PM - 01 Dec 20 UTC
Let's Encrypt issued certificates will no longer be trusted on some devices, not… ably Android versions prior to 7.1.1, after September 30, 2021. ODK-X will introduce the following changes/features to minimize the impact:
- [ ] Trust Let's Encrypt's root public keys (ISRG Root X1, ISRG Root X2) in ODK-X Services
- [ ] Allow ODK-X Services to trust user provided certificates
- [ ] Allow users to bring their own certificate in the Sync Endpoint setup script
Links
[https://docs.google.com/document/d/11KvB6XAkAp17bny4lPk4Uvobb5n6arbRT_iXArbfOns/edit](https://docs.google.com/document/d/11KvB6XAkAp17bny4lPk4Uvobb5n6arbRT_iXArbfOns/edit)
[https://letsencrypt.org/2020/11/06/own-two-feet.html](https://letsencrypt.org/2020/11/06/own-two-feet.html)
2 Likes