flihp
commented
6 months ago that may be something we do eventually but not yet. closing so someone can make a better ticket once we know what it should look like
Closed flihp closed 6 months ago
flihp
commented
6 months ago that may be something we do eventually but not yet. closing so someone can make a better ticket once we know what it should look like
I'm still not 100% on this but it seems that now that we can generate certs from the KDLs it might be useful to be able to do this from software. This won't be useful in a generic CA since these typically mint certs by evaluating a CSR and, provided the CSR satisfies some policy, copying attributes & extensions from the CSR to the cert. But it could be a way to share code across things that create specific certs like the
dice-mfgandpermslip. Or this could be a waste of time and the smart thing to do would be to just write that code directly and be done with it ...