search

cloudflare / certmgr

Automated certificate management using a CFSSL CA.
BSD 2-Clause "Simplified" License
217 stars 40 forks source link

Any way to dump certificate bundle? #111

Open akamac opened 2 years ago

akamac commented 2 years ago

Hi,

Is there any way to dump not only cert/key/ca, but also cert+ca bundle?

Thanks!

ChrisChoke commented 2 years ago

I am very interested, too. \ In fact that nginx need a certificate bundle with intermediate CA in it. How do other user solve this? with command as action to call bash script?!

ChrisChoke commented 2 years ago

for me this example spec solve the bundling for now. root CA is in cert-store from client. and intermediate CA is bundled with domain cert in one file by this command.

{
    "svcmgr": "command",
    "action": "cat /etc/myservice/ca.pem >> /home/kyle/tmp/certmgr/certs/test1.pem && service nginx restart",
    "request": {
        "CN": "www.example.net",
        "hosts": [
            "example.net",
            "www.example.net"
        ],
        "key": {
            "algo": "ecdsa",
            "size": 521
        },
        "names": [
            {
                "C": "US",
                "ST": "CA",
                "L": "San Francisco",
                "O": "Example, LLC"
            }
        ]
    },
    "private_key": {
        "path": "/etc/ssl/private/www.key",
        "owner": "www-data",
        "group": "www-data",
        "mode": "0600"
    },
    "certificate": {
        "path": "/home/kyle/tmp/certmgr/certs/test1.pem",
        "owner": "www-data",
        "group": "www-data"
    },
    "ca": {
        "path": "/etc/myservice/ca.pem",
        "owner": "www-data",
        "group": "www-data"
    },
    "authority": {
        "remote": "ca.example.net:8888",
        "auth_key": "012345678012345678",
        "label": "www_ca",
        "profile": "three-month",
        "root_ca": "/etc/cfssl/api_server_ca.pem"
    }
}