Allow signing of intermediate CA #77

Merged: 1 commit, Mar 29, 2023

derveloper (Contributor) commented:

This commit removes the check if the certificate has the CA flag. This is possible because step-ca supports signing CAs.

Name of feature:

Allow signing of CAs

Pain or issue this feature alleviates:

Signing certificates with CA flag

Why is this important to the project (if not answered above):

more step-ca features are usable

Supporting links/other PRs/issues:

Closes #9

💔Thank you!

This commit removes the check if the certificate has the CA flag. This is possible because step-ca supports signing CAs.
Closes smallstep#9

CLAassistant commented Mar 27, 2023

CLA assistant check
All committers have signed the CLA.

github-actions bot added the "needs triage" (Waiting for discussion / prioritization by team) label Mar 27, 2023

maraino (Collaborator) commented Mar 28, 2023

Hi @derveloper, the change looks good. Can I ask you for a use case for this?

And I'm assuming you're aware that for this to work, you will need a particular configuration of step-ca, on the template and the intermediate.

You can do clever things in the template, but in most cases, you would want to use two different issuers, one for leaves and one for intermediates.
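
An added example, not part of this PR or of the step-issuer code base: once the issuer no longer rejects the CA flag, the leaf/intermediate split described above can be checked on the certificate that comes back. `CheckIssued`, the role labels and the path-length-0 requirement are assumptions for illustration, and the sample certificates are constructed and self-signed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CheckIssued is a hypothetical per-issuer policy check; role is "leaf" or "intermediate".
func CheckIssued(cert *x509.Certificate, role string) error {
	ca := cert.BasicConstraintsValid && cert.IsCA
	sign := cert.KeyUsage&x509.KeyUsageCertSign != 0
	switch {
	case role == "leaf" && (ca || sign):
		return fmt.Errorf("leaf issuer returned a certificate that can sign others")
	case role == "intermediate" && !(ca && sign && cert.MaxPathLen == 0 && cert.MaxPathLenZero):
		return fmt.Errorf("intermediate is not a CA limited to path length 0")
	case role != "leaf" && role != "intermediate":
		return fmt.Errorf("unknown role %q", role) // fail closed on unexpected input
	}
	return nil
}

var caUsage, leafUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign, x509.KeyUsageDigitalSignature

// sample builds a constructed, self-signed certificate; pathLen -1 means "no limit".
func sample(isCA bool, pathLen int, usage x509.KeyUsage) *x509.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour),
		BasicConstraintsValid: true, IsCA: isCA, KeyUsage: usage,
		MaxPathLen: pathLen, MaxPathLenZero: isCA && pathLen == 0,
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, err := x509.ParseCertificate(der) // nil DER from a failed create is rejected here
	if err != nil {
		panic(err)
	}
	return cert
}

func main() {
	fmt.Println(CheckIssued(sample(true, 0, caUsage), "intermediate"), CheckIssued(sample(true, 0, caUsage), "leaf"))
}
```
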

derveloper (Contributor, Author) commented:

Thanks for your response!

> Can I ask you for a use case for this?

Of course. My use case is creating a CA for linkerd-identity. I want to have the certificate provisioned via StepIssuer; this enables me to keep the definition of the certificate in my git repo.

> And I'm assuming you're aware that for this to work, you will need a particular configuration of step-ca, on the template and the intermediate.

I am. I've tested the PR and have configured an additional JWK provisioner in step-ca.

maraino (Collaborator) left a comment:

Thanks for responding. I'll merge right away.

maraino merged commit 76d91f8 into smallstep:master Mar 29, 2023

maraino (Collaborator) commented Mar 29, 2023

@derveloper I've released a new version of the docker image and the helm chart.

derveloper deleted the patch-1 branch March 30, 2023 12:05

derveloper (Contributor, Author) commented:

Thanks for the merge, very much appreciated that I don't need to maintain my fork 😄

Successfully merging this pull request may close these issues.

Add support to sign intermediate certificates