TLS & certificates

  • Describe how trust is established between clients and LEF systems using TLS.
  • Capture the certificate lifecycle model (issuance, renewal, rotation) without embedding secrets.
  • Make it clear that TLS is cross-cutting:
    • GUI access is HTTPS by default.
    • Database connectivity may also use TLS and certificates.
  • Authoritative entry points / hostnames: see Domains and the relevant service pages.
  • Runbooks and procedures: see Certificates and SQL operations.
  • Certificate inventories and private keys: never documented here.
  • Certificate authority (CA): issues and signs certificates (see CA).
  • ACME: automation protocol commonly used for certificate issuance/renewal (see ACME).
  • Subject Alternative Names (SANs): what names a certificate covers (see SAN).