fxbox / dns-server

Server that helps the Box to announce its local IP address without relying on mDNS, and to register its LetsEncrypt cert for use on its local IP address.

Check client cert #3

Closed michielbdejong closed 8 years ago

michielbdejong commented 8 years ago

As we will be generating TLS certs on the Box anyway, authentication via TLS client certs seems like an appropriate option. This server should be configured with the root cert to trust, and the Box should have a signing certificate signed with that same root cert, and a TLS certificate signed with the Box's own signing certificate.

Additionally, the Box should only be allowed to set records under `/v1/dns/org/knilxof/<hash>`, where `<hash>` is the first 32 hex chars of the sha256 of its signing cert.
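
The path restriction described in this comment, sketched as an added example (not part of the original issue and not the project's code). It assumes the TLS layer has already verified the chain from the trusted root through the signing cert to the client cert, and that the hash is taken over the DER encoding of the signing cert, which the issue does not specify; `box_hash`, `may_set_record` and `SAMPLE_CERT` are hypothetical names.

```python
import hashlib
from urllib.parse import unquote

PREFIX = "/v1/dns/org/knilxof/"  # path root taken from the issue text

# Constructed placeholder bytes standing in for a DER-encoded signing cert.
SAMPLE_CERT = b"constructed-signing-cert-der"


def box_hash(signing_cert_der: bytes) -> str:
    """First 32 hex chars of SHA-256 over the signing cert.

    Assumption: the digest covers the DER bytes; the issue does not say.
    """
    return hashlib.sha256(signing_cert_der).hexdigest()[:32]


def may_set_record(request_path: str, signing_cert_der: bytes) -> bool:
    """True only if request_path is the Box's own subtree or below it.

    Assumption: chain verification (root -> signing cert -> TLS client
    cert) already happened in the TLS layer before this is called.
    """
    # Decode once, then refuse anything that still looks encoded or that a
    # later layer could reinterpret (double encoding, backslash, NUL).
    path = unquote(request_path)
    if "%" in path or "\\" in path or "\x00" in path:
        return False
    if not path.startswith(PREFIX):
        return False
    segments = path[len(PREFIX):].split("/")
    # A single trailing slash is tolerated.
    if segments[-1] == "":
        segments = segments[:-1]
    # Reject empty, "." and ".." segments instead of normalising them away.
    if not segments or any(s in ("", ".", "..") for s in segments):
        return False
    # Compare the whole first segment, so "<hash>extra" cannot pass the way
    # it would with a naive startswith() on the full path.
    return segments[0] == box_hash(signing_cert_der)


if __name__ == "__main__":
    own = box_hash(SAMPLE_CERT)
    for p in (PREFIX + own + "/a", PREFIX + own + "x/a", PREFIX + own + "/../b"):
        print(may_set_record(p, SAMPLE_CERT), p)
```
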

michielbdejong commented 8 years ago

Done in #2.