
Fix mTLS cert to include CA cert

Open EnigmaCurry opened this issue 1 year ago • 0 comments

On GrapheneOS (and possibly iPad) the mTLS cert generated by step-ca does not import. This was tested by @mcmikemn to be due to the fact that the CA cert is not included. Even though it's the server's job to validate the client cert, GrapheneOS seems to need it anyway.

https://github.com/EnigmaCurry/d.rymcg.tech/blob/7352447b5c547ecd02cd67eceb692d260b6d7781/step-ca/Makefile#L53-L55

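Mike says:

```
# Fetch the root CA certificate from step-ca
step ca root root.crt
# Append the root CA certificate to the client certificate
cat client.crt root.crt > combined.crt
# Package the chain and key as PKCS#12 (the output .p12 path is the first argument)
step certificate p12 newclient.p12 combined.crt client.key
```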

EnigmaCurry, Sep 06 '24 15:09
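One way to confirm that a `.p12` bundle actually carries the CA certificate before handing it to a device, as an added example that is not part of the original issue or the project's Makefile. It uses `openssl` instead of `step` so it runs without a CA; the function names, file names, subjects and the `demo` password are constructed for the illustration.

```shell
#!/bin/sh
# Added example: count the certificates inside a PKCS#12 bundle.
# A client-only bundle holds 1 certificate; a bundle that also
# carries the root CA (as proposed in the issue) holds 2.

# p12_cert_count <bundle.p12> <password>  -> prints the number of certificates
p12_cert_count() {
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null \
    | grep -c 'BEGIN CERTIFICATE' || true
}

# make_demo_bundles <dir>: build a throwaway root CA and client cert
# (constructed test data), then export two bundles for comparison.
make_demo_bundles() {
  d=$1
  # Self-signed demo root CA
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Demo Root CA" \
    -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
  # Client key and CSR, signed by the demo root
  openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
    -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null
  openssl x509 -req -in "$d/client.csr" -days 1 \
    -CA "$d/root.crt" -CAkey "$d/root.key" -CAcreateserial \
    -out "$d/client.crt" 2>/dev/null
  # Bundle 1: client certificate only (the failing case in the issue)
  openssl pkcs12 -export -in "$d/client.crt" -inkey "$d/client.key" \
    -passout pass:demo -out "$d/leaf-only.p12"
  # Bundle 2: client + root concatenated, mirroring combined.crt
  cat "$d/client.crt" "$d/root.crt" > "$d/combined.crt"
  openssl pkcs12 -export -in "$d/combined.crt" -inkey "$d/client.key" \
    -passout pass:demo -out "$d/with-ca.p12"
}

work=$(mktemp -d)
make_demo_bundles "$work"
echo "leaf-only.p12: $(p12_cert_count "$work/leaf-only.p12" demo) certificate(s)"
echo "with-ca.p12:   $(p12_cert_count "$work/with-ca.p12" demo) certificate(s)"
rm -rf "$work"
```

Running `p12_cert_count` against the real `newclient.p12` with its import password gives the same check for a step-ca issued bundle.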