[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MirageOS-devel] csrs and self-signed certs for TLS

On 06/12/2015 10:47 AM, Thomas Leonard wrote:
On 12 June 2015 at 10:10, Mindy <mindy@xxxxxxxxxxxxxxxxxxx> wrote:
We don't have a nice way to generate certificate signing requests or
self-signed certificates ourselves yet, right?  I'm writing up a thing on
getting HTTPS up and running with mirage-seal and those are places where I
have to say "invoke openssl or your favorite alternative, but we got nothin'
for you".

If I'm incorrect, I'd appreciate a pointer on where to go looking. :)
Possibly useful:

CueKeeper ("server" branch) will generate a self-signed certificate as
part of the build process:


It looks from the Makefile like this is a (convenient!) wrapper around an invocation of `openssl`. Perhaps the next release of mirage-seal could do something like this as well, if we have no nice ocaml-x509 way to do this?

(Looking at my notes from a couple weeks ago I see that I concluded then from some ocaml-x509 documentation that creating certificates/csrs was indeed not currently supported; my reasons for concluding this have unfortunately been garbage collected, but unless I hear otherwise I'll assume I was correct)


MirageOS-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.