cfssl
cfssl copied to clipboard
cloudflare
CFSSL: Cloudflare's PKI and TLS toolkit
i run the following sequence of commands to generate a self-signed root ca, and sign a `server` cert with it ```sh cfssl genkey -initca csr.json | cfssljson -bare root cfssl...
-
Would like to update the generation of the SKI to use a more modern algorithm. Seems prudent in the face of SHA-1 problems. Already rolled out by [letsencrypt](https://community.letsencrypt.org/t/enabling-sha256-subject-key-identifiers-for-end-entity-certificates/211453).
In the current definition, a comma (`json:"OID,omitempty"**,** yaml:"OID,omitempty"`) that breaks the reflection.
According to [official doc](https://pkg.go.dev/crypto/x509#Certificate.CreateCRL), `CreateCRL` is not RFC 5280 conformant and should be deprecated. This PR replaces it with new API, as well as adds an optional parameter for CRL...
