|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [MirageOS-devel] csrs and self-signed certs for TLS
On 06/12/2015 02:38 PM, Amir Chaudhry wrote: I have a *very* small utility that generates self-signed certificates and CSRs, which you can check out at https://github.com/yomimono/ocaml-certify (look at the "naming" branch, which uses a bunch of unreleased upstream stuff). I just used it to generate a CSR and key that gandi.net signed with no complaints; I'm using that cert and key to power https://dashcon2015.com, which is running a unikernel generated with mirage-seal in ec2. Yay!On 12 Jun 2015, at 11:32, Hannes Mehnert <hannes@xxxxxxxxxxx> wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA384 Hey, On 06/12/2015 10:10, Mindy wrote:We don't have a nice way to generate certificate signing requests or self-signed certificates ourselves yet, right? I'm writing up a thing on getting HTTPS up and running with mirage-seal and those are places where I have to say "invoke openssl or your favorite alternative, but we got nothin' for you". If I'm incorrect, I'd appreciate a pointer on where to go looking. :)It is currently not possible to generate certificate signing requests (as defined in PKCS10), but generation of self-signed certificates is possible (not in released X.509, only on master): https://github.com/mirleft/ocaml-x509/blob/master/lib/x509.mli#L117-L140 I'll try to add generation of CSRs to X.509 this weekend.That would be great. Would this be available via the command line? Please do let us know when itâs ready and we can update the instructions. As an aside, working with x509 and nocrypto was a total joy and doing what I needed to do was very straightforward. -Mindy _______________________________________________ MirageOS-devel mailing list MirageOS-devel@xxxxxxxxxxxxxxxxxxxx http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |