Getting template from client

Open idan100 opened this issue 1 year ago • 1 comments

Hi grindsa I would like my clients (acmesh,winacme and cert manager) to transfer the template they want in their request to my acme2certifier pod. I am using the mswcce ca handler, and I saw you can transfer the desired template by the useragent field. Sadly I cannot use this field in order to transfer the template - since I am using it to collect metrics for it's original purpose, the user agent sending the request. I saw in acme.sh that there is the field: "extended-key-usage", which is also getting a string and is more appropriate for passing the template. I was wondering if you could parse this field in order to extract the template name from it and passing it on to Microsoft ADCS. Thanks in advanced!

Oct 21 '24 13:10 idan100

Hi,

I had a quick look; I am not sure if --extended-key-usage fits the purpose as:

it encodes the extended key-attributes in the csr
only pre-defined values are allowed

The handler could be modified to extract the attributes from the CSR and send the first one as template-name to the CA but as i said; given the above limitation i am not sure if this is enough for your needs.

/G.

Oct 22 '24 05:10 grindsa