-
Notifications
You must be signed in to change notification settings - Fork 107
Signing CSR #6
Comments
Hi Alexander, Thank you. I will look into it. Just to make sure, this would be to behave like a real CA where clients would send their CSR and the easypki would have no idea about the client private key ? This will need a bit of refactor, as the current Sign method also generate the private/public key. So I will need to separate CSR creation and Signing (which should have been done since the beginning). |
Yeah in my case some hardware generates the private key and the only component I (can) get is the CSR. |
I did not get time to get this done, and I unfortunately won't get any in the coming weeks. I am unassigning myself for now. |
Secondary example: I set up Easy PKI as my network CA (it lives on a protected server). I have a Unifi controller that I am trying to get a CA cert for ([OT] UNMS seems to be able to accept a separately generated key FWIW). The official certificate installation process is to have the Unifi controller generate a CSR (which it gives you in DER form- I can convert to PEM and back), and you provide it back with a signed cert and any needed CA certs which it then installs into its keystore file |
Hello,
congrats on the project, I think something like this is widely needed.
It would be great though, if it were possible to sign CSRs.
Regards
Alexander
The text was updated successfully, but these errors were encountered: