Michael Malone
Michael Malone
Related: https://github.com/smallstep/cli/issues/213
Hey Miclain, Correct. That's not currently possible. Hypothetically, I could see the intermediate signing key / certificate configured on a per-provisioner basis. Practically, there are a bunch of little complications...
Yea, we'd definitely want to support the different signer types. As an MVP, I get what you did here. This does look like the lightest-weight thing that could be done...
At present I don't see another issue that more succinctly requests CRL. I'm gonna go ahead and reopen this for the time being so there's a public place for folks...
@mkkeffeler that makes sense, with the caveat that ACME isn't your only option. I'm assuming that your legacy clients can't use any sort of automated certificate management, ACME or otherwise?...
@mkkeffeler unfortunately, I don't think we have any documentation on creating a CRL or setting up OCSP anywhere. Maybe someone else in the community can help. If you figure out...
@0xjac yea that all makes sense. If you added something like you're describing we'd accept it (modulo code review and approval, of course). Regarding renewals: the other option we've considered...
@dharanikumar-s ha, so you have `cfssl` acting as an OCSP responder for `step-ca`? That's impressive... Sorry you had to go through all that hassle. @Hardcorian certificate flexibility (https://github.com/smallstep/certificates/issues/300) should drop...
Hi folks! This is a bit of a philosophical issue for us for a couple reasons. We're always learning, so I'm not gonna say we'll never do this, but I...
Just wanted to drop this in here as another idea: https://github.com/kardianos/service