search

EVerest / libevse-security

Apache License 2.0
7 stars 5 forks source link

Additional CSR Parameters #53

Closed AssemblyJohn closed 4 months ago

AssemblyJohn commented 7 months ago

It is useful to be able to add additional items into the CSR so that additional use can be made of the certificate and key. A usecase would involve adding a subject alternative name (DNS name and IP address) and extended key usage (TLS server).

This topic is consider any additional CSR configuration that might be useful along with options as to how best to realize this enhanced capability.

Some possible implementations options:

1) Extend the existing approach and possibly expand the CSR interface with a struct parameter that can grow in the future 2) Call OpenSSL (openssl req -config ...) allowing a specific configuration file to be used allowing some settings of the command line

There are some example script that use OpenSSL to generate certificates for the unit tests that demonstrate how OpenSSL configuration could be used: example. CSRs could use similar approaches.

AssemblyJohn commented 4 months ago

Not relevant/required any more.