Hacker News
by geofft 3245 days ago
I suspect your auditors have no real reason to object to Let's Encrypt (do they understand that Let's Encrypt is equally capable of issuing a false certificate under your name? does your security rely on the browser PKI? how did every single company in the browser PKI get okayed by your auditors?).

You have a perfectly valid reason, which is that your auditors want you to buy an expensive certificate to make them happy, but you're still paying more than market ($0ish) for SSL, which means you're a good customer for DigiCert to have acquired.

BTW, if you want to save some money, try sending your auditors the WebTrust audits that Let's Encrypt has passed just as well as Symantec (if not more well, see mozilla.dev.security.policy): https://letsencrypt.org/repository/

1 comments

As you can probably imagine, money isn't an issue. Our budget for our PKI team is larger than a small startup's entire annual payroll cost.