kcert icon indicating copy to clipboard operation
kcert copied to clipboard

Published 20 hours ago verified publisher icon nabsul

External Account Binding for KCert client with ACME

Open shubham-root opened this issue 2 years ago • 3 comments

As discussed in #49 attempting to add EAB account registration to KCert.

shubham-root avatar Jun 04 '22 21:06 shubham-root

For testing, you can run kcert locally with dotnet run. It will automatically use your kubectl credentials to connect to kubernetes.

Instead of environment variable I use dotnet user secrets: https://docs.microsoft.com/en-us/aspnet/core/security/app-secrets#enable-secret-storage

nabsul avatar Jun 05 '22 12:06 nabsul

I thought a little more about testing, and I think that won't work actually. You can tun KCert locally as I described, but I don't think renewals will work properly. You'll need to deploy a test version to try it out.

nabsul avatar Jun 05 '22 13:06 nabsul

Sure thanks for the pointers on testing locally. I was a still seeing outage and incredibly slow response times on ZeroSSL today, have not been able to figure out a different SSL service that could let me quickly set up a test for ACME EAB. Shall prod around with SSL.com maybe and see if something can come out of there. Shall test before marking the draft PR ready for review.

shubham-root avatar Jun 05 '22 14:06 shubham-root

This feature was completed by @Zegorax and is now merged into main. It will be in the next release after testing is compelted.

nabsul avatar Feb 17 '24 15:02 nabsul