sasa1977 / site_encrypt

Integrated certification via Let's encrypt for Elixir-powered sites
MIT License
471 stars 34 forks source link

Feature Request: add option to provide own root certificate #32

Open hauleth opened 3 years ago

hauleth commented 3 years ago

I have my own "small CA" that I ran on my machine for development. It is already added as a root cert, so it would be handy to be able to reuse that one instead of being forced to add exceptions for each application independently for internal ACME server.

sasa1977 commented 3 years ago

I think this is a wonderful idea!

Currently to run the internal ACME server we pass {:internal, port: xyz}. This could be expanded with an optional :ca setting (defaults to nil), which should be propagated to this code, where the pair is used if provided, or generated if not.

The corresponding test could generate its own pair, start the endpoint with the given setting, and verify that the key is issued by the correct issuer.

WDYT?

hauleth commented 3 years ago

Sounds like a solution.

sasa1977 commented 3 years ago

Cool! Care to submit a PR?