certmgr icon indicating copy to clipboard operation
certmgr copied to clipboard
verified publisher icon cloudflare

Any way to dump certificate bundle?

Open akamac opened this issue 4 years ago • 2 comments

Hi,

Is there any way to dump not only cert/key/ca, but also cert+ca bundle?

Thanks!

akamac avatar Dec 17 '21 22:12 akamac

I am very interested, too.
In fact that nginx need a certificate bundle with intermediate CA in it. How do other user solve this? with command as action to call bash script?!

ChrisChoke avatar May 20 '22 14:05 ChrisChoke

for me this example spec solve the bundling for now. root CA is in cert-store from client. and intermediate CA is bundled with domain cert in one file by this command.

{
    "svcmgr": "command",
    "action": "cat /etc/myservice/ca.pem >> /home/kyle/tmp/certmgr/certs/test1.pem && service nginx restart",
    "request": {
        "CN": "www.example.net",
        "hosts": [
            "example.net",
            "www.example.net"
        ],
        "key": {
            "algo": "ecdsa",
            "size": 521
        },
        "names": [
            {
                "C": "US",
                "ST": "CA",
                "L": "San Francisco",
                "O": "Example, LLC"
            }
        ]
    },
    "private_key": {
        "path": "/etc/ssl/private/www.key",
        "owner": "www-data",
        "group": "www-data",
        "mode": "0600"
    },
    "certificate": {
        "path": "/home/kyle/tmp/certmgr/certs/test1.pem",
        "owner": "www-data",
        "group": "www-data"
    },
    "ca": {
        "path": "/etc/myservice/ca.pem",
        "owner": "www-data",
        "group": "www-data"
    },
    "authority": {
        "remote": "ca.example.net:8888",
        "auth_key": "012345678012345678",
        "label": "www_ca",
        "profile": "three-month",
        "root_ca": "/etc/cfssl/api_server_ca.pem"
    }
}

ChrisChoke avatar May 23 '22 17:05 ChrisChoke