Skip to content
This repository has been archived by the owner on Aug 31, 2021. It is now read-only.

Signing CSR #6

Open
aschaber1 opened this issue Feb 26, 2017 · 4 comments
Open

Signing CSR #6

aschaber1 opened this issue Feb 26, 2017 · 4 comments

Comments

@aschaber1
Copy link

Hello,

congrats on the project, I think something like this is widely needed.

It would be great though, if it were possible to sign CSRs.

Regards
Alexander

@jeremy-clerc
Copy link
Contributor

Hi Alexander,

Thank you.

I will look into it. Just to make sure, this would be to behave like a real CA where clients would send their CSR and the easypki would have no idea about the client private key ?

This will need a bit of refactor, as the current Sign method also generate the private/public key. So I will need to separate CSR creation and Signing (which should have been done since the beginning).

@aschaber1
Copy link
Author

I will look into it. Just to make sure, this would be to behave like a real CA where clients would send their CSR and the easypki would have no idea about the client private key ?

Yeah in my case some hardware generates the private key and the only component I (can) get is the CSR.

@jeremy-clerc
Copy link
Contributor

I did not get time to get this done, and I unfortunately won't get any in the coming weeks. I am unassigning myself for now.

@jeremy-clerc jeremy-clerc removed their assignment Mar 26, 2017
@computergeek125
Copy link

Secondary example: I set up Easy PKI as my network CA (it lives on a protected server). I have a Unifi controller that I am trying to get a CA cert for ([OT] UNMS seems to be able to accept a separately generated key FWIW). The official certificate installation process is to have the Unifi controller generate a CSR (which it gives you in DER form- I can convert to PEM and back), and you provide it back with a signed cert and any needed CA certs which it then installs into its keystore file

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

3 participants