Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support an API that accepts Certificate Signing Requests #503

Closed
di opened this issue Apr 5, 2022 · 2 comments · Fixed by #527
Closed

Support an API that accepts Certificate Signing Requests #503

di opened this issue Apr 5, 2022 · 2 comments · Fixed by #527
Assignees
@haydentherapper
Labels
enhancement New feature or request

Comments

@di
Copy link
Member

di commented Apr 5, 2022

Description
Currently the /api/v1/signingCert API accepts a JSON body that includes a public key (publicKey) and a signed email address (signedEmailAddress).

Some ecosystems (e.g. Python) have good primitives for generating Certificate Signing Requests, and it would be preferable for Fulcio to support an API that accepted CSRs directly as an alternative to the current Fulcio-specific request body when requesting a signing certificate.
@di di added the enhancement New feature or request label Apr 5, 2022
@di di mentioned this issue Apr 11, 2022
Merged
@haydentherapper haydentherapper self-assigned this Apr 15, 2022
@haydentherapper
Copy link
Contributor

@dlorenc @lukehinds - I'm taking a look at adding support for CSRs as a key delivery and proof of possession mechanism. It was mentioned to me that there was a conversation from awhile ago around not supporting this - Do you recall the context?

I'm in support of this feature, as there's more widespread support for CSR generation than encoding public keys. It also simplifies the proof of possession challenge, as the CSR is self-signed.

@haydentherapper haydentherapper mentioned this issue Apr 15, 2022
Merged
@dlorenc
Copy link
Member

dlorenc commented Apr 16, 2022

I have no problems adding it for compatibility.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@haydentherapper haydentherapper

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add CSR support for key delivery and proof of possession haydentherapper/fulcio
3 participants
@di @dlorenc @haydentherapper