Xen project Mailing List

Re: [MirageOS-devel] csrs and self-signed certs for TLS

To: "mirageos-devel@xxxxxxxxxxxxxxxxxxxx" <mirageos-devel@xxxxxxxxxxxxxxxxxxxx>

From: Mindy <mindy@xxxxxxxxxxxxxxxxxxx>

Date: Fri, 12 Jun 2015 10:54:47 +0100

Delivery-date: Fri, 12 Jun 2015 09:56:08 +0000

List-id: Developer list for MirageOS <mirageos-devel.lists.xenproject.org>

On 06/12/2015 10:47 AM, Thomas Leonard wrote:

On 12 June 2015 at 10:10, Mindy <mindy@xxxxxxxxxxxxxxxxxxx> wrote:

We don't have a nice way to generate certificate signing requests or
self-signed certificates ourselves yet, right?  I'm writing up a thing on
getting HTTPS up and running with mirage-seal and those are places where I
have to say "invoke openssl or your favorite alternative, but we got nothin'
for you".

If I'm incorrect, I'd appreciate a pointer on where to go looking. :)

Possibly useful:

CueKeeper ("server" branch) will generate a self-signed certificate as
part of the build process:

https://github.com/talex5/cuekeeper/tree/server#running-a-server

It looks from the Makefile like this is a (convenient!) wrapper around

an invocation of `openssl`. Perhaps the next release of mirage-seal

could do something like this as well, if we have no nice ocaml-x509 way

to do this?

(Looking at my notes from a couple weeks ago I see that I concluded then

from some ocaml-x509 documentation that creating certificates/csrs was

indeed not currently supported; my reasons for concluding this have

unfortunately been garbage collected, but unless I hear otherwise I'll

assume I was correct)

-Mindy _______________________________________________ MirageOS-devel mailing list MirageOS-devel@xxxxxxxxxxxxxxxxxxxx http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.