
Re: [MirageOS-devel] csrs and self-signed certs for TLS



On 06/23/2015 03:44 PM, Mindy wrote:
On 06/12/2015 02:38 PM, Amir Chaudhry wrote:
On 12 Jun 2015, at 11:32, Hannes Mehnert <hannes@xxxxxxxxxxx> wrote:

Hey,

On 06/12/2015 10:10, Mindy wrote:
We don't have a nice way to generate certificate signing requests
or self-signed certificates ourselves yet, right?  I'm writing up
a thing on getting HTTPS up and running with mirage-seal and those
are places where I have to say "invoke openssl or your favorite
alternative, but we got nothin' for you".

If I'm incorrect, I'd appreciate a pointer on where to go looking.
:)
It is currently not possible to generate certificate signing requests
(as defined in PKCS10), but generation of self-signed certificates is
possible (not in released X.509, only on master):
https://github.com/mirleft/ocaml-x509/blob/master/lib/x509.mli#L117-L140

I'll try to add generation of CSRs to X.509 this weekend.
That would be great.  Would this be available via the command line?

Please do let us know when it's ready and we can update the instructions.
I have a *very* small utility that generates self-signed certificates and CSRs, which you can check out at https://github.com/yomimono/ocaml-certify (look at the "naming" branch, which uses a bunch of unreleased upstream stuff). I just used it to generate a CSR and key that gandi.net signed with no complaints; I'm using that cert and key to power https://dashcon2015.com, which is running a unikernel generated with mirage-seal in ec2. Yay!
(which currently isn't available because DNS is slow, but if you stick an entry for dashcon2015.com -> 52.27.39.97 in your /etc/hosts you'll see it by ~magic~!)

-Mindy
