Closed onalante-msft closed 1 year ago
Testing done by inspecting generated CSR with this patch:
diff --git a/identity/aziot-identityd/src/lib.rs b/identity/aziot-identityd/src/lib.rs
index 4ec2a7d..df7169c 100644
--- a/identity/aziot-identityd/src/lib.rs
+++ b/identity/aziot-identityd/src/lib.rs
@@ -838,7 +838,9 @@ pub(crate) fn create_csr(
csr.set_pubkey(public_key)?;
csr.sign(private_key, openssl::hash::MessageDigest::sha256())?;
- csr.build().to_pem()
+ let pem = csr.build().to_pem()?;
+ std::fs::write("/var/lib/aziot/identityd/csr.pem", &pem).unwrap();
+ Ok(pem)
}
pub struct SettingsAuthenticator {
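Review bot: The `std::fs::write("/var/lib/aziot/identityd/csr.pem", &pem).unwrap();` line added before `Ok(pem)` panics the daemon whenever the write fails (missing directory, read-only filesystem, insufficient permissions). It also overwrites one fixed path on every CSR that is generated. The description presents this as a test aid, so it should stay out of the merged change; marking it with a comment such as `// TEST ONLY: dumps the CSR for manual inspection; do not merge` would make that explicit. If a CSR dump is ever kept for diagnostics, the write error should be handled rather than unwrapped, and the path should come from configuration. The body of `create_csr` starts outside the hunk, so its error type and callers are not visible here.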
End-to-end DPS+EST testing done with https://github.com/globalsign/est.
Certificate subject configuration options for EST-issued certificates were not being propagated to identityd, which meant that CSRs to issue a certificate would not be generated with the configured certificate subject. Add additional configuration options to identityd to receive a CSR subject configuration and adjust `aziotctl config apply` to hydrate these options with the certificate issuance options extracted for `certd`.