mirror of
https://github.com/laurivosandi/certidude.git
synced 2026-04-25 00:25:57 +03:00
[GH-ISSUE #11] Certificate renewal #5
Originally created by @laurivosandi on GitHub (Feb 7, 2016).
Original GitHub issue: https://github.com/laurivosandi/certidude/issues/11
A cron job could be scheduled 2 weeks before the certificate expiration so Certidude could also perform certificate renewal. The Certidude server could automatically allow certificate renewal in a certain timeframe; exact implementation details need more investigation.
@laurivosandi commented on GitHub (Jan 23, 2017):
Similarly to Let's Encrypt, we could drastically shorten the lifetime of the certificates if there is another kind of trust set up, e.g. AD membership, which would permit regular automatic renewal, e.g. renew when the certificate is older than 2 weeks (or however long the employees plan to have a vacation).
@laurivosandi commented on GitHub (Jan 24, 2017):
As described at the link below, we can use the key corresponding to the currently valid certificate to sign a new signing request.
http://stackoverflow.com/questions/10782826/digital-signature-for-a-file-using-openssl
The signature can be supplied with HTTP headers, see link below.
Signature: keyId="Test",algorithm="rsa-sha256",
headers="(request-target) host date content-type digest content-length",
signature="jgSqYK0yKclIHfF9zdApVEbDp5eqj8C4i4X76pE+XHoxugXv7q
nVrGR+30bmBgtpR39I4utq17s9ghz/2QFVxlnToYAvbSVZJ9ulLd1HQBugO0j
Oyn9sXOtcN7uNHBjqNCqUsnt0sw/cJA6B6nJZpyNqNyAXKdxZZItOuhIs78w="
https://tools.ietf.org/html/draft-cavage-http-signatures-03
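The idea in the comment above, as an added example that is not part of the original thread and not the code in the Certidude repository: the client signs the new CSR with the key of its current certificate using openssl, and the server checks that signature against its stored copy of that certificate. Function names, file names and CNs are constructed; the signature covers the raw CSR bytes rather than the draft's header signing string, and a self-signed certificate stands in for a CA-issued one.

```shell
#!/bin/sh
# Constructed demo: file names, CNs and function names are assumptions.

# Client: sign the new CSR with the private key of the CURRENT certificate.
# Prints a single-line base64 signature that fits in an HTTP header value.
sign_csr() {  # sign_csr <current.key> <new.csr>
    openssl dgst -sha256 -sign "$1" "$2" | openssl base64 -A
}

subject_of() {  # subject_of <x509|req> <file>
    openssl "$1" -in "$2" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# Server: accept only if the stored certificate is unexpired, the CSR keeps
# the same subject, and the signature over the CSR bytes verifies under the
# public key of that certificate.
verify_renewal() {  # verify_renewal <stored.crt> <new.csr> <base64-signature>
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null || return 1
    [ "$(subject_of x509 "$1")" = "$(subject_of req "$2")" ] || return 1
    work=$(mktemp -d) || return 1
    openssl x509 -in "$1" -noout -pubkey > "$work/pub.pem"
    echo "$3" | openssl base64 -d -A > "$work/sig.bin"
    openssl dgst -sha256 -verify "$work/pub.pem" \
        -signature "$work/sig.bin" "$2" >/dev/null 2>&1 && rc=0 || rc=1
    rm -rf "$work"
    return $rc
}

# Demo helpers: a self-signed certificate stands in for one issued by the CA.
make_cert() {  # make_cert <dir> <name> <cn>
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}
make_csr() {  # make_csr <dir> <name> <cn>
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

demo=$(mktemp -d)
make_cert "$demo" current host1.example
make_csr  "$demo" renewed host1.example
sig=$(sign_csr "$demo/current.key" "$demo/renewed.csr")
verify_renewal "$demo/current.crt" "$demo/renewed.csr" "$sig" \
    && echo "renewal accepted" || echo "renewal rejected"
rm -rf "$demo"
```

A real server would additionally confirm that the stored certificate has not been revoked before accepting the renewal.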
@laurivosandi commented on GitHub (Mar 26, 2017):
Implemented with 06010ceaf3