sludin / Protocol-ACME

A Perl library that provides a simple interface to writing scripts for cert provisioning with Let's Encrypt.

sign() to return PEM instead? #16

Open FGasper opened 8 years ago

FGasper commented 8 years ago

ISTM PEM is a more useful format than DER once we actually have the certificate. I believe every service I know of expects to read in certificates as PEM … ?

According to the spec:

The default format of the certificate is DER (application/pkix-cert). The client may request other formats by including an Accept header in its request.

Per: https://pki-tutorial.readthedocs.org/en/latest/mime.html … the MIME type for a PEM cert is either “x-x509-user-cert” or “x-pem-file”

sludin commented 8 years ago

This is a great question. I missed that part of the spec. I'll play around with boulder and see what it can do. Otherwise, my thought was to always return one form or another and use the der2pem or vice versa to convert if you want the other.

FGasper commented 8 years ago

Note that it is (slightly) easier to do pem2der() than to do der2pem(), as the latter requires an extra piece of information.

sludin commented 8 years ago

Great point.

From: FGasper notifications@github.com
Reply-To: sludin/Protocol-ACME reply@reply.github.com
Date: Tuesday, January 19, 2016 at 10:27 PM
To: sludin/Protocol-ACME Protocol-ACME@noreply.github.com
Cc: Stephen Ludin sludin@ludin.org
Subject: Re: [Protocol-ACME] sign() to return PEM instead? (#16)

Note that it is (slightly) easier to do pem2der() than to do der2pem(), as the latter requires an extra piece of information.

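One piece of information that DER-to-PEM conversion needs and the reverse does not is the PEM label in the BEGIN/END lines. The sketch below is an added example, not part of the thread and not Protocol::ACME's own code; the helper names `der_to_pem` and `pem_to_der` and the sample bytes are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);

# Hypothetical helpers for illustration; not Protocol::ACME's der2pem/pem2der.

# DER -> PEM: the DER bytes arrive without a text label ("CERTIFICATE",
# "CERTIFICATE REQUEST", ...), so the caller has to supply it.
sub der_to_pem {
    my ($der, $label) = @_;
    die "PEM label required\n"
        unless defined $label && $label =~ /\A[A-Z0-9 ]+\z/;
    my $b64 = encode_base64($der, '');      # '' = no line breaks yet
    $b64 =~ s/(.{1,64})/$1\n/g;             # wrap at 64 characters per line
    return "-----BEGIN $label-----\n$b64-----END $label-----\n";
}

# PEM -> DER: the label travels with the data. Checking it against what the
# caller expects stops, say, a key block being accepted as a certificate.
sub pem_to_der {
    my ($pem, $expected) = @_;
    my ($label, $body) =
        $pem =~ /-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----/s
        or die "no PEM block found\n";
    die "expected label \"$expected\", found \"$label\"\n"
        if defined $expected && $label ne $expected;
    $body =~ tr{A-Za-z0-9+/=}{}cd;          # drop line breaks and whitespace
    return decode_base64($body);
}

# Constructed sample: DER for SEQUENCE { INTEGER 42 }, not a real certificate.
my $der = "\x30\x03\x02\x01\x2a";

my $pem = der_to_pem($der, 'CERTIFICATE');
print $pem;

my $back = pem_to_der($pem, 'CERTIFICATE');
print "round trip ", ($back eq $der ? "ok" : "FAILED"), "\n";

# A label mismatch is rejected rather than silently decoded.
my $ok = eval { pem_to_der($pem, 'PRIVATE KEY'); 1 };
print "mismatch rejected: ", ($ok ? "no" : "yes"), "\n";
```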