[ENHANCEMENTS] Possibility to Use Custom Preferred Certificate Authority
I am using a custom PKI with self-signed certificates, so it would be beneficial to add the option to use a custom ACME provider for certificate generation and renewal. Currently, only the ACME Tool allows the use of custom ACME servers, which suggests that the programmatic logic is already in place.
Hi @prueckls
I think you will need to ping the one-time contributor who added this feature and ask if that is possible. My homelab is currently under maintenance & upgrade and I cannot test ACME related features at least for a few more months.
You can check out the PR and see if you can ping the contributor and ask for his help to extend his feature a bit more.
Hey, I'm using LabCA and I would highly appreciate this getting added :)
I need the ability as well to use our internal intermediate CA to support corporate PKI. It does not appear that PR #48 addresses the need.
Digging through the code I found ca.json of the ACME module. We should be able to add a URL to our own servers for this to work. Is there any way to not embed the file and place it in /opt/zoraxy/config/conf? Then we could easily add to the file. It would save having to make changes to the UI as well.
I don't write in Go often, but couldn't we ditch the embedded file and modify ca.go of the ACME module with something like this...
```go
func init() {
	// Read the external ca.json file.
	caJson, err := os.ReadFile("./conf/ca.json")
	if err != nil {
		log.Println("[ERR] Unable to read the file ca.json:", err)
		return
	}
	// Unmarshal the JSON content into a temporary structure.
	var runtimeCaDef CaDef
	err = json.Unmarshal(caJson, &runtimeCaDef)
	if err != nil {
		log.Println("[ERR] Unable to unmarshal CA def from external file. Is your ca.json valid?", err)
		return
	}
	caDef = runtimeCaDef
}
```
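An added example, not part of the thread and not Zoraxy's code: a variant of the external `ca.json` idea above that goes one step further by merging the operator's file into the built-in defaults and validating each entry, so a missing or bad file never leaves the CA list empty or silently repoints a built-in CA. The `ca.json` shape (tier, then CA name, then directory URL) and the names `CAList`, `builtinCAs` and `LoadCAList` are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"os"
)

// CAList is an ASSUMED shape for ca.json: tier ("production"/"test") -> CA name -> ACME directory URL.
type CAList map[string]map[string]string

// builtinCAs stands in for the embedded defaults (constructed sample entries).
func builtinCAs() CAList {
	return CAList{
		"production": {"Let's Encrypt": "https://acme-v02.api.letsencrypt.org/directory"},
		"test":       {"Let's Encrypt": "https://acme-staging-v02.api.letsencrypt.org/directory"},
	}
}

// LoadCAList merges the operator file into the defaults; on any error it returns the untouched defaults.
func LoadCAList(path string) (CAList, error) {
	raw, err := os.ReadFile(path)
	if err != nil {
		return builtinCAs(), err
	}
	var ext CAList
	if err := json.Unmarshal(raw, &ext); err != nil {
		return builtinCAs(), err
	}
	merged := builtinCAs()
	for tier, entries := range ext {
		if merged[tier] == nil {
			return builtinCAs(), fmt.Errorf("unknown tier %q", tier)
		}
		for name, dir := range entries {
			u, err := url.Parse(dir)
			if err != nil || u.Scheme != "https" || u.Host == "" || u.User != nil {
				return builtinCAs(), fmt.Errorf("CA %q: %q is not a usable https directory URL", name, dir)
			}
			if _, shadow := merged[tier][name]; shadow {
				return builtinCAs(), fmt.Errorf("CA %q would override a built-in entry", name)
			}
			merged[tier][name] = dir
		}
	}
	return merged, nil
}

func main() { fmt.Println(LoadCAList("./conf/ca.json")) }
```

Because this file decides which CA the proxy requests certificates from, it should be writable only by the account that administers the proxy.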
+1. It would be very helpful for corporate or airgapped network segments.
@daluntw can you take a look? You did a great job on the ACME tool implementation. But it's very annoying to copy-paste the directory URL every time in the text fields 😊 It would be nice to have the possibility to add a custom ACME server to the preferred drop-down list.
Chris