-
Notifications
You must be signed in to change notification settings - Fork 447
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow Tokens for Renewing Certificates #2042
base: master
Are you sure you want to change the base?
Conversation
Allow for Creating Tokens for Renewing Certificates
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't really know what you're trying to do here.
Without taking into account the rekeys, step-ca
provides two different ways to renew an X.509 certificate:
- Using an mTLS connection with the certificate to renew.
- Making a request with an authorization token that contains the certificate embedded in the token and is signed by the private key of the certificate.
The token you are creating is a regular sign token with the audience changed. I would be surprised if that works.
Name of feature: Provide Functionality for Tokens to be Used for Renewing Certificates
Pain or issue this feature alleviates: Currently, a provisioner doesn't allow for tokens to be used in the
provisioner.RenewWithToken
function as the audience is set to use/1.0/sign
, which makes the token invalid for renewing certificates.Why is this important to the project (if not answered above): Renewal of certificates via tokens issued with a provisioner is required for planned application usage.
Is there documentation on how to use this feature? If so, where?
None that I am aware of.
In what environments or workflows is this feature supported?
Any environments where this usage is planned or expected.
In what environments or workflows is this feature explicitly NOT supported (if any)?
None
Supporting links/other PRs/issues: N/A
💔Thank you!