ModioAB / caramel

Caramel is a CA Registry Manager
GNU Affero General Public License v3.0

HTTP endpoint for getting CA cert #37

Open Spindel opened 9 years ago

Spindel commented 9 years ago

We should serve our CA cert at a known URL for clients to get it.

This can be used to migrate root signing certs, and to act as a distribution point for CA + intermediate bundles.

Suggested would be a known endpoint `/ca.crt` or similar, that distributes only the CA cert. Then we could have `/ca.bundle.crt` that distributes the whole root CA + all trusted intermediate certs.

And last, `/{sha256sum}/ca.crt` that gets a bundle of root CA + only that intermediate certificate (not all others).
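A sketch of how the three proposed URLs could map to PEM bundles, added here as an illustration; it is not part of the comment above and not caramel's own code. It assumes `{sha256sum}` is the lowercase hex SHA-256 of an intermediate's PEM bytes (the issue does not say what is hashed), and `resolve_bundle`, `fingerprint` and the placeholder certificates are hypothetical names and constructed data.

```python
import hashlib
import re


def _fake_pem(label):
    # Constructed placeholder, not a real certificate; only the bytes matter here.
    body = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % label
    return body.encode("ascii")


ROOT = _fake_pem("constructed-root")
INTERMEDIATES = [
    _fake_pem("constructed-intermediate-a"),
    _fake_pem("constructed-intermediate-b"),
]

# Assumption: the digest segment is exactly 64 lowercase hex characters.
# Anything else (uppercase, short, "..", extra segments) is rejected up front,
# so the path segment is never used for anything but a dictionary lookup.
DIGEST_PATH = re.compile(r"/([0-9a-f]{64})/ca\.crt")


def fingerprint(pem):
    """Hex SHA-256 of the PEM bytes (assumed meaning of {sha256sum})."""
    return hashlib.sha256(pem).hexdigest()


def resolve_bundle(path, root=ROOT, intermediates=INTERMEDIATES):
    """Return the PEM body for one of the three proposed URLs, or None (404)."""
    if path == "/ca.crt":
        return root  # root CA only
    if path == "/ca.bundle.crt":
        return root + b"".join(intermediates)  # root + every trusted intermediate
    match = DIGEST_PATH.fullmatch(path)
    if match is None:
        return None
    by_digest = {fingerprint(pem): pem for pem in intermediates}
    pem = by_digest.get(match.group(1))
    # root + only the requested intermediate, never the others
    return None if pem is None else root + pem
```

A client that fetches `/ca.crt` this way still needs the root's fingerprint from an independent channel before trusting it, since the endpoint itself cannot prove the certificate is the right one.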