Kyle Isom
Kyle Isom
This is really interesting --- I'd never really considered the use case where certmgr was a library. To address the points: 1. Easy enough. The only thing I really worry...
@cbroglie Indeed.
@andrewplunk One thing that occurs to me, have you tried using the CFSSL [`transport`](https://godoc.org/github.com/cloudflare/cfssl/transport) package? certmgr is essentially a UI on top of this, so it might be useful, too.
Just an update @cmrunton; I've been working on debugging this, but I haven't had a lot of time to poke at it. We are paying attention, though; hopefully this week...
Thanks for the MWE. This is due to how DNs are handled in CFSSL; names are constructed from the other fields in the `pkix.Name` structure provided by the Go standard...
@jacob-salassi We already shipped 1.3, but it's probably going to require some work in the `signer` package (e.g. [here](https://github.com/cloudflare/cfssl/blob/master/signer/signer.go#L245)) as well as an update to `config.CSRWhitelist`. I don't know that...
The auth feature was mostly designed for CFSSL instances interacting with the `multirootca`, but the `cfssl` server doesn't have an authenticated newcert endpoint for local signatures. This is something we're...
@fhossain To provide some context: we had build tags for pkcs 11 (at one point default enabled and at another default disabled). While in theory it would work great and...
I definitely agree with this, and I'd love to see this in.
I am also running into this.