-
We've been running google-cas-issuer for just under a year, to generate certificates to secure Istio workloads. And recently found that it started to reach high memory usage (in the hundreds of MBs) a…
-
It would be useful to be able to add my own extensions (`X509Enrollment.CX509Extension` ?) to a CSR (`X509Enrollment.CX509CertificateRequestPkcs10` ?), perhaps as an array Parameter to the `New-Certif…
-
Given the following Certificate, in the absence of any ClusterIssuer, I notice that the "ClusterIssuer not found" event is created four times, once for each of the built in issuers.
```yaml
# Crea…
-
See #31
We should write an e2e test to ensure CertificateRequests are garbage collected by cm when the owning Pod is deleted.
First however, we need to setup our e2e testing framework.
/assi…
-
## Bug Report
#### What did you do?
We create controller for cert-manager CertificateRequest CRD. Controller logic is based on CertificateRequest and namespace metadata in which Certificate…
-
I am trying to use this library through pods (pod 'SelfSignedCert') , after successfully getitng pod . i am importing (import SelfSignedCert) in my class. i am trying to create Self Signed Cert using…
-
A common pattern to build a locally trusted CA with cert-manager is to create a self-signed issuer, use it to issue a CA certificate, then use that certificate with a ca issuer to issue leaf certifica…
-
ACME challenges stopped working on our Openshift cluster after operator upgrade to 1.13/1.14 version. It was working without problems with operator version 1.12 and stopped working after operator upda…
-
We have a case in DTLS1.2:
If the server receives an Alert message between CCS and Finish, the Alert message is queued. Then,
- If the server receives the finish message, it returns an alert me…
-
gmssl中实现的Certificate Request协议格式与通用TLS1.2格式不同,中间缺失了Signature Hash Algorithms ,对比见后面附图:
以下是TLS1.2的协议。
struct {
ClientCertificateType certificate_types;
SignatureAndHashAlgorithm supported_sign…