[rs-dev] New module: mod_cert

Graham Leggett minfrin at redwax.eu
Tue Feb 25 00:03:35 CET 2020


On 24 Feb 2020, at 20:08, Dirk-Willem van Gulik <dirkx at webweaving.org> wrote:

>> To make it easier to gain access to and download CA certificates in a specific Redwax installation, the mod_cert module has been added that allows access to CA certificates as follows:
>> ...
>> https://interop.redwax.eu/test/simple/ca.der
> 
> Ah lovely - I was looking at this the other day - and started doing something similar for CRLs.
> 
> Am wondering if we need a discovery mechanism - so that anything that 'getca' and similar give access to - can be auto-exposed.

Currently at its most basic, mod_cert exposes the getca and getnextca hooks. Very shortly mod_pkcs7 will do the same thing, but as pkcs7 responses.

The next step is to create a certfetch hook to match the certstore hook, and have certs returned by transaction id or serial number via mod_cert/mod_pkcs7. This also is a prerequisite for supporting delayed certificate signing in scep, as we need a way to return a cert when eventually signed.

Regards,
Graham