cfssl
cfssl copied to clipboard
cloudflare
CFSSL: Cloudflare's PKI and TLS toolkit
CFSSL scan should report the server's capability for HTTP/2 and SPDY using the ALPN extension. https://github.com/jgrahamc/h2scan
config: ``` { "signing": { "default": { "usages": [ "signing", "key encipherment", "client auth" ], "auth_key": "supersecretkey", "expiry": "26280h" }, "profiles": { "server": { "usages": [ "signing", "key encipherment", "server...
On the scan page, the default text is not handled correctly. I'm not sure what is actually scanned when you don't enter any text, but I would expect some kind...
RFC 2560 (and 6960) specifies `[OCSP r]esponses whose nextUpdate value is earlier than the local system time value SHOULD be considered unreliable`. RFC 5019 also states `in order to ensure...
x.509 allows for multiple OU fields, so that certificate ownership can be clearly identified even in very large organizations. It's common to see something like this in the Subject Name:...
Currently signatures on SCTs that are returned from CT logs to be included in certificates aren't verified using the logs public keys.
Not sure if this is certificate transparency's issue or ours (I'm not familiar with gox): ``` $ go version go version go1.7.1 linux/amd64 $ go env GOARCH="amd64" GOBIN="" GOEXE="" GOHOSTARCH="amd64"...
Hello, I've been trying to revoke a certificate using the API. A few things I noted: - the format of the Serial and AKI in 'certinfo' is different from the...
Since Chrome/Firefox/IE are gradually deprecating SHA-1 certificate, cfssl bundler needs to adjust the definition of 'ubiquity', which is the default bundling strategy (or BundleFlavor as we call it). We have...
The info endpoint currently only presents information about the key pointed to by a given label. It should also print out information about the profile. This includes: - Duration -...