Support s/mime email certificates #143
Comments
|
What would you use an S/MIME certificate that is only valid on your computer for? |
|
I would use this for testing development of S/MIME tooling. Would you accept a PR that implemented this? |
|
Could we just detect an email address in the names list and generate a cert valid for S/MIME? I’m not familiar with S/MIME myself. |
|
If you'd be okay with that. We'd want to either add a DN component or SAN for the email address. We'd also probably want to add key usage for signing and extended key usage for email/code signing. |
|
Sounds good to me! Slight preference for SAN over DN. Drop the serverAuth EKU if all names are emails. Still respect -client. |
|
Cool. I won't be able to look at this for ~2 weeks, but will put it on my todo list unless someone else gets to it first. |
Given an email address for a command line option, it would be cool to generate certificates suitable for S/MIME use in Thunderbird or Outlook.
The text was updated successfully, but these errors were encountered: