Open FGasper opened 8 years ago
This is a great question. I missed that part of the spec. I'll play around with boulder and see what it can do. Otherwise, my thought was to always return one form or another and use the der2pem or vice versa to convert if you want the other.
Note that it is (slightly) easier to do pem2der() than to do der2pem(), as the latter requires an extra piece of information.
Great point.
From: FGasper notifications@github.com Reply-To: sludin/Protocol-ACME reply@reply.github.com Date: Tuesday, January 19, 2016 at 10:27 PM To: sludin/Protocol-ACME Protocol-ACME@noreply.github.com Cc: Stephen Ludin sludin@ludin.org Subject: Re: [Protocol-ACME] sign() to return PEM instead? (#16)
Note that it is (slightly) easier to do pem2der() than to do der2pem(), as the latter requires an extra piece of information.
— Reply to this email directly or view it on GitHub.
ISTM PEM is a more useful format than DER once we actually have the certificate. I believe every service I know of expects to read in certificates as PEM … ?
According to the spec:
Per: https://pki-tutorial.readthedocs.org/en/latest/mime.html … the MIME type for a PEM cert is either “x-x509-user-cert” or “x-pem-file”