Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Add support for SPIFFE cert requests #131

Merged
merged 2 commits into from
Dec 2, 2021
Merged

Add support for SPIFFE cert requests #131

merged 2 commits into from
Dec 2, 2021

Conversation

jdtw
Copy link
Contributor

@jdtw jdtw commented Dec 2, 2021
edited
Loading

The only thing needed to add SPIFFE "support" here is to accept URI-only requests in request-cert. Example workflow:

❯ ./certstrap init --common-name example.com
Created out/example.com.key
Created out/example.com.crt
Created out/example.com.crl

❯ ./certstrap request-cert --uri spiffe://example.com/foo/bar
Created out/spiffe_example.com_foo_bar.key
Created out/spiffe_example.com_foo_bar.csr

❯ ./certstrap sign spiffe_example.com_foo_bar --CA example.com
Created out/spiffe_example.com_foo_bar.crt from out/spiffe_example.com_foo_bar.csr signed by out/example.com.key

❯ certigo dump -v out/spiffe_example.com_foo_bar.crt
** CERTIFICATE 1 **
Input Format: PEM
Serial: 103223067417972581677006756495353345504
Valid: 2021-12-02 20:43 UTC to 2023-06-02 20:52 UTC
Signature: SHA256-RSA
Subject Info:
        CommonName: spiffe://example.com/foo/bar
Issuer Info:
        CommonName: example.com
Subject Key ID: 2E:5A:9A:ED:E7:E6:C8:CA:AB:2C:B0:B1:38:FA:42:5E:28:88:ED:E9
Authority Key ID: 21:10:B3:50:E6:57:10:D2:D5:87:B1:2F:DE:30:EF:F2:14:A7:9F:0C
Key Usage:
        Digital Signature
        Key Encipherment
        Data Encipherment
        Key Agreement
Extended Key Usage:
        Server Auth
        Client Auth
URI Names:
        spiffe://example.com/foo/bar

jdtw added 2 commits December 2, 2021 12:43
@jdtw
Add support for SPIFFE cert requests
ee94319
@jdtw
Merge branch 'master' into jwood/spiffe
d144b3d 
* master:
  Add flags to certstrap to support ECDSA and Ed25519 (#128)
@jdtw jdtw merged commit fda01db into master Dec 2, 2021
@jdtw jdtw deleted the jwood/spiffe branch December 2, 2021 22:57
mbyczkowski pushed a commit that referenced this pull request May 12, 2023
@jdtw @mbyczkowski
Add support for SPIFFE cert requests (#131)
80206d0
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@mmontgomery-square mmontgomery-square mmontgomery-square approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jdtw @mmontgomery-square