[GH-ISSUE #11] Certificate renewal #5

Closed
opened 2026-02-26 03:33:28 +03:00 by kerem · 3 comments

Originally created by @laurivosandi on GitHub (Feb 7, 2016).
Original GitHub issue: https://github.com/laurivosandi/certidude/issues/11

A cron job could be scheduled 2 weeks before the certificate expiration so Certidude could also perform certificate renewal. The Certidude server could automatically allow certificate renewal in a certain timeframe; exact implementation details need more investigation.

kerem closed this issue 2026-02-26 03:33:28 +03:00

@laurivosandi commented on GitHub (Jan 23, 2017):

Similarly to Let's Encrypt, we could drastically shorten the lifetime of the certificates if there is another kind of trust set up, e.g. AD membership, which would permit regular automatic renewal, e.g. renew when the certificate is older than 2 weeks (or however long the employees plan to have a vacation).


@laurivosandi commented on GitHub (Jan 24, 2017):

As described at the link below, we can use the key corresponding to the currently valid certificate to sign a new signing request.

http://stackoverflow.com/questions/10782826/digital-signature-for-a-file-using-openssl

The signature can be supplied with HTTP headers, see link below.

```
Signature: keyId="Test",algorithm="rsa-sha256",
headers="(request-target) host date content-type digest content-length",
signature="jgSqYK0yKclIHfF9zdApVEbDp5eqj8C4i4X76pE+XHoxugXv7q
nVrGR+30bmBgtpR39I4utq17s9ghz/2QFVxlnToYAvbSVZJ9ulLd1HQBugO0j
Oyn9sXOtcN7uNHBjqNCqUsnt0sw/cJA6B6nJZpyNqNyAXKdxZZItOuhIs78w="
```

https://tools.ietf.org/html/draft-cavage-http-signatures-03
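
The exchange proposed in the comment above, as an added example that is not part of the original thread or Certidude's code: the client signs the draft-cavage signing string with the key of its still-valid certificate, and the server verifies it with the public key taken from that certificate. The host, request path, keyId, file names and the reduced header list `(request-target) host date digest` are assumptions, and a self-signed certificate stands in for a CA-issued one.

```shell
# Added example, not Certidude's code. Host, path and file names are constructed.
set -eu
HOST=ca.example.com TARGET="post /api/renew/"   # hypothetical endpoint

# Signing string for headers="(request-target) host date digest" (draft-cavage).
signing_string() {  # $1=date header  $2=file holding the request body
    digest=$(openssl dgst -sha256 -binary "$2" | openssl base64 -A)
    printf '(request-target): %s\nhost: %s\ndate: %s\ndigest: SHA-256=%s' \
        "$TARGET" "$HOST" "$1" "$digest"
}

# Client: sign with the key of the certificate that is still valid.
sign_renewal() {  # $1=current key  $2=date  $3=new CSR; prints base64 signature
    signing_string "$2" "$3" | openssl dgst -sha256 -sign "$1" | openssl base64 -A
}

# Server: verify against the public key of the certificate it issued earlier.
verify_renewal() {  # $1=current cert  $2=date  $3=received CSR  $4=base64 signature
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null || return 1  # not expired
    openssl x509 -in "$1" -noout -pubkey > "$1.pub"
    printf '%s\n' "$4" | openssl base64 -d -A > "$1.sig"
    signing_string "$2" "$3" |
        openssl dgst -sha256 -verify "$1.pub" -signature "$1.sig" >/dev/null 2>&1
}

# Constructed fixtures: a self-signed stand-in for the CA-issued certificate,
# a fresh key with its CSR, and a second CSR standing in for a body that was
# swapped after signing.
dir=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=client1" \
    -keyout "$dir/cur.key" -out "$dir/cur.crt" 2>/dev/null
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=client1" \
    -keyout "$dir/new.key" -out "$dir/new.csr" 2>/dev/null
openssl req -new -key "$dir/new.key" -subj "/CN=other-host" \
    -out "$dir/bad.csr" 2>/dev/null

date_hdr=$(LC_ALL=C date -u '+%a, %d %b %Y %H:%M:%S GMT')
sig=$(sign_renewal "$dir/cur.key" "$date_hdr" "$dir/new.csr")
printf 'Signature: keyId="client1",algorithm="rsa-sha256",'
printf 'headers="(request-target) host date digest",signature="%s"\n' "$sig"
verify_renewal "$dir/cur.crt" "$date_hdr" "$dir/new.csr" "$sig" && echo "renewal accepted"
verify_renewal "$dir/cur.crt" "$date_hdr" "$dir/bad.csr" "$sig" || echo "swapped CSR rejected"
```

A deployment would additionally reject a Date outside a short window and check the presented certificate against the CA's chain and revocation list before accepting the CSR.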


@laurivosandi commented on GitHub (Mar 26, 2017):

Implemented with 06010ceaf3e21266bbba03f4d6de61a63c301474