-
Auth's binaries all use underscores:
- `generate_cert`
- `generate_csr`
- `istio_ca`
- `node_agent`
Across the rest of Istio we don't do this:
- [`pilot`](https://github.com/istio/pilot/blob/m…
-
Hi! Thank you for your tutorial. I followed all steps. It worked for my main domain! Thank you! but I have troubles with my subdomains.
I was using your method described in 3.3 by using a challenge…
-
**BUSINESS PROBLEM**
If the downstream CA service is down for any reason, Venafi TPP changes the status of certificate object to Error.
The scenario to reproduce this is simple
`cert-manager--->…
-
When I try to add a custom extension to a certificate signing request, my program crashes with the following error:
```
asn1.oidToDer(ext.id).getBytes()));
^
TypeError: Cannot re…
-
Hello,
I'm trying to setup a fabric-ca-server with AWS CloudHSM:
I use the library cloudhsm-pkcs11 v5.2.1-2 on ubuntu 18.04 (there are no more recent ubuntu versions supported by AWS cloudHSM at…
-
The example gencsr script does not work as keyutil does not recognize the algorithm RSA.
node testCSRGen.js -a RSA -s 2048 -d /c=us,ou=dep,cn=apples.com 20240501102222
The script contained in the …
-
We are currently using istio-csr in combination with a cert-manager Vault issuer. In Vault we configured the pki-roles to only allow ECDSA keys with 384-bit curves. As soons as istio-csr tries to sign…
-
**Describe the feature request**
***Historical background***
There used to be a feature to instrument `node-agent` to generate workload certificates with a non-empty Subject. Today, Istio's gene…
-
I am attempting to use go-client to create a custom resource without success. Below is attached sample code that shows an attempt to use a dynamic resource with unstructured data to create a certif…
-
% cfssl version
Version: 1.3.4
Revision: dev
Runtime: go1.12.7
When using `cfssl gencsr -key `, I noticed that cfssl seems to adjust the mtime of the keyfile. Since the use case of gencsr is to …