est icon indicating copy to clipboard operation
est copied to clipboard

Published 20 hours ago verified publisher icon globalsign

Include challenge password attribute if required by EST server

Open mobe1 opened this issue 11 months ago • 4 comments

The changes introduced come after the issue/feature requrest https://github.com/globalsign/est/issues/30 has been opened. They allow us to enroll a CSR that includes the TLS-unique value as recommended by the RFC 7030

  • Because each http client instantiation results in a new TLS-unique, one way of including it would be to make EST requests from the same http client.
  • Because the standard crypto/x509 Go package does not handle the challenge password attribute (OID) the way an EST/CA server expects it, the CSR creation had to be wrapped.

mobe1 avatar Mar 15 '24 09:03 mobe1

Thanks for opening this PR, I'll forward this to my team for review.

toddgaunt-gs avatar Mar 15 '24 12:03 toddgaunt-gs

[ ] Need to resolve conflicts after upgrading to Go 1.22.1...

toddgaunt-gs avatar Apr 09 '24 15:04 toddgaunt-gs