[wdewind]

> empower small engineering teams to take advantage of certificates

Dumb question: I'm an engineer who doesn't understand certificates outside of the basics of SSL. What are some cool things a small engineering team could do with Lemur (or certs in general)?

[Sanddancer]

For one example, deploy servers and have them already verified, so a new box that you know you personally set up will not give a warning [1]. One of the most underutilized parts of SSL certificates is that you can verify who /you/ are, so any kind of server, including webservers, don't need passwords, because they already have the invite list [2]. This part is admittedly a lot crunchier than the first example because people haven't spent nearly enough time getting it working nicely. Basically, good use of certs can replace a lot of systems where you know what it is and they know what you are.

[1] https://www.digitalocean.com/community/tutorials/how-to-crea...

[2] http://nategood.com/client-side-certificate-authentication-i...

[whisk3rs]

In addition to sanddancers comment, you can also do things like: - issue ephemeral certificates (with expiration in the near future) to allow a machine to perform an action but only for a certain amount of time (for example: to fetch credentials from a source to store in memory during machine provisioning). - use client certificates to authenticate your end-users for secure web apps. - easily build machine-to-machine trust models that take commercial CAs out of the picture