fulcio

Support for AWS Private CA

Open tuananh opened this issue 2 years ago • 1 comments

Question

Is there any plan to add support for AWS Private CA? I saw GCP CA is supported but not AWS Private CA.

https://aws.amazon.com/private-ca/

tuananh, Apr 03 '23 10:04

Hey! We aren’t prioritizing support right now but are open to PRs!

Happy to give pointers to help with the implementation. Implement the CertificateAuthority interface, https://github.com/sigstore/fulcio/blob/main/pkg/ca/ca.go#L28, and if possible, the EmbeddedSCTCA interface, https://github.com/sigstore/fulcio/blob/main/pkg/ca/embeddedca.go#L27, which enables support for the CT log. The latter requires that AWS Private CA support setting the certificate’s serial number and expiration (not before, not after), since you have to sign the certificate twice (GCP CA Service did not support this).

Hayden-IO, Apr 03 '23 15:04
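Added example (not Fulcio's code and not part of the thread): a stand-alone Go program showing the "sign twice" flow the reply refers to, as defined by RFC 6962. The CA first signs a precertificate carrying the critical poison extension, the CT log returns an SCT computed over that precertificate's contents, and the CA then signs the final certificate with the same serial number, validity window and key plus the SCT list extension. The name `issuePair`, the in-memory throwaway CA key, the fixed serial and the placeholder SCT bytes are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// RFC 6962 extension OIDs: precertificate poison and embedded SCT list.
var oidPoison = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 3}
var oidSCTList = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 2}

// issuePair signs the same serial, validity and key twice: first as a poisoned
// precertificate, then as the final certificate carrying the SCT list.
func issuePair(sct []byte) (pre, final *x509.Certificate, err error) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)   // constructed throwaway CA key
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed subject key
	now, serial := time.Now().UTC().Truncate(time.Second), big.NewInt(0x5ca1ab1e)
	ca := &x509.Certificate{Subject: pkix.Name{CommonName: "constructed test CA"}}
	sign := func(ext pkix.Extension) (*x509.Certificate, error) {
		tmpl := &x509.Certificate{SerialNumber: serial, NotBefore: now, NotAfter: now.Add(10 * time.Minute),
			Subject: pkix.Name{CommonName: "constructed leaf"}, ExtraExtensions: []pkix.Extension{ext}}
		der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &leafKey.PublicKey, caKey)
		if err != nil {
			return nil, err
		}
		return x509.ParseCertificate(der)
	}
	if pre, err = sign(pkix.Extension{Id: oidPoison, Critical: true, Value: asn1.NullBytes}); err != nil {
		return nil, nil, err
	}
	sctExt, _ := asn1.Marshal(sct) // extension value is an OCTET STRING wrapping the SCT list
	final, err = sign(pkix.Extension{Id: oidSCTList, Value: sctExt})
	return pre, final, err
}

func main() {
	pre, final, err := issuePair([]byte("constructed SCT list placeholder"))
	if err != nil {
		panic(err)
	}
	fmt.Println("same serial:", pre.SerialNumber.Cmp(final.SerialNumber) == 0,
		"same notAfter:", pre.NotAfter.Equal(final.NotAfter), "poisoned:", len(pre.UnhandledCriticalExtensions) == 1)
}
```

A CA backend that picks its own serial number or validity on each signing request cannot produce the second certificate to match the first, so the embedded SCT would not verify against it.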