Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for SPIFFE cert requests #131

Merged
merged 2 commits into from
Dec 2, 2021
Merged

Add support for SPIFFE cert requests #131

merged 2 commits into from
Dec 2, 2021

Conversation

jdtw
Copy link
Contributor

@jdtw jdtw commented Dec 2, 2021
edited

The only thing needed to add SPIFFE "support" here is to accept URI-only requests in request-cert. Example workflow:

❯ ./certstrap init --common-name example.com
Created out/example.com.key
Created out/example.com.crt
Created out/example.com.crl

❯ ./certstrap request-cert --uri spiffe://example.com/foo/bar
Created out/spiffe_example.com_foo_bar.key
Created out/spiffe_example.com_foo_bar.csr

❯ ./certstrap sign spiffe_example.com_foo_bar --CA example.com
Created out/spiffe_example.com_foo_bar.crt from out/spiffe_example.com_foo_bar.csr signed by out/example.com.key

❯ certigo dump -v out/spiffe_example.com_foo_bar.crt
** CERTIFICATE 1 **
Input Format: PEM
Serial: 103223067417972581677006756495353345504
Valid: 2021-12-02 20:43 UTC to 2023-06-02 20:52 UTC
Signature: SHA256-RSA
Subject Info:
        CommonName: spiffe://example.com/foo/bar
Issuer Info:
        CommonName: example.com
Subject Key ID: 2E:5A:9A:ED:E7:E6:C8:CA:AB:2C:B0:B1:38:FA:42:5E:28:88:ED:E9
Authority Key ID: 21:10:B3:50:E6:57:10:D2:D5:87:B1:2F:DE:30:EF:F2:14:A7:9F:0C
Key Usage:
        Digital Signature
        Key Encipherment
        Data Encipherment
        Key Agreement
Extended Key Usage:
        Server Auth
        Client Auth
URI Names:
        spiffe://example.com/foo/bar

@jdtw
Add support for SPIFFE cert requests
ee94319
@jdtw
Merge branch 'master' into jwood/spiffe
d144b3d 
* master:
  Add flags to certstrap to support ECDSA and Ed25519 (#128)
@jdtw jdtw merged commit fda01db into master Dec 2, 2021
@jdtw jdtw deleted the jwood/spiffe branch December 2, 2021 22:57
mbyczkowski pushed a commit that referenced this pull request May 12, 2023
@jdtw @mbyczkowski
Add support for SPIFFE cert requests (#131)
80206d0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mmontgomery-square mmontgomery-square mmontgomery-square approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jdtw @mmontgomery-square