In this session we talk about an ongoing Open Source IBM i project to fully automate the creation and renewal of TLS (or SSL) certificates from Let’s Encrypt. At the moment there are a couple things that can only be done manually, but only once. TLS is important for applications. It encrypts the traffic between the user and the IBM i so that it cannot be read by hackers. Most applications that use web pages need TLS, as modern browsers are insisting on the use of HTTPS which needs TLS certificates. More recently they have blocked the advanced, “I want to ignore the lack of security” too. The lifetime of TLS certificates, for major browsers, are becoming shorter to ensure better security. Currently it is 200 days. This is changing to 100 days on the 15th March 2027 and 47 days on 15th March 2029 by major browsers. Let's Encrypt use 90 days, changing to 64 days 10 February 2027 and 45 days 16th February 2028. Hence the requirement for automation. In addition Let's Encrypt will allow 45 days from 13 May 2026 for testing purposes.
My latest venture is RITFORI, a Github open source tool to automate Let's Encrypt TLS certificates for the IBM i. I enjoy working with SQL and exploring new developments.
I’ve worked with the IBM i for over 25 years. I started as a developer, updating RPG code to make it millennium compliant, but I’ve spent most of my career working on the technical side. Originally supporting IBM i installations for customers and then moving on to manage the hosted... Read More →
