
Support ECDSA P-256 certificates

Open ron1 opened this issue 3 years ago • 3 comments

Describe the problem/challenge you have

I need to bootstrap Linkerd with an ECDSA P-256 certificate.

Describe the solution you'd like

I would like to use the secretgen controller to create an ECDSA P-256 certificate for use by graduated CNCF project Linkerd. Linkerd does not support the RSA certs created by the secretgen controller.

Anything else you would like to add:

ron1 avatar Nov 22 '21 02:11 ron1

@ron1 that would be good. Do you happen to know some recommended ways to generate that type of certificate in Go?

cppforlife avatar Nov 22 '21 20:11 cppforlife

ah i see some prior art in here: https://go.dev/src/crypto/tls/generate_cert.go

cppforlife avatar Nov 22 '21 20:11 cppforlife

You can also take a look at this linkerd-cli function that generates an ECDSA key: https://github.com/linkerd/linkerd2/blob/b9aa32f9b20057c7166347825428e53525962b9c/pkg/tls/ca.go#L145

ron1 avatar Nov 23 '21 03:11 ron1
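
Added example, not part of the thread and not code from secretgen-controller or Linkerd: one way to produce a self-signed ECDSA P-256 CA certificate with Go's standard library, in the spirit of the `generate_cert.go` prior art linked above. The function name `GenerateP256CA`, the subject name and the lifetime are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"math/big"
	"time"
)

// GenerateP256CA returns a self-signed CA certificate and its ECDSA P-256 key,
// both PEM-encoded. Hypothetical helper: name, subject and lifetime are assumed.
func GenerateP256CA(cn string, validFor time.Duration) ([]byte, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)) // random 128-bit serial
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Minute), NotAfter: time.Now().Add(validFor),
		KeyUsage:     x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		IsCA:         true, BasicConstraintsValid: true,
	}
	// Self-signed: template is its own parent; a P-256 key signs with ECDSA-SHA256.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	keyDER, err := x509.MarshalECPrivateKey(key) // SEC 1 "EC PRIVATE KEY" encoding
	if err != nil {
		return nil, nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER}), nil
}

func main() {
	cert, _, err := GenerateP256CA("root.example.test", 24*time.Hour)
	if err != nil {
		panic(err)
	}
	print(string(cert))
}
```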