Closed venkyg-sec closed 7 months ago
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.
Name of feature:
Externally supplied TLS config for usage by step-ca service.
Pain or issue this feature alleviates:
Step-ca currently makes the assumption that the TLS config/certificate for the server itself would be signed by the same x509 CA used to sign client certificates (via acme, scep etc). This assumption might not scale to all environments - where enterprises may use different CAs for Client and Server side ecosystem.
This PR makes a simple patch by allowing the *tls.Config to be supplied as an Option to the CA interface.
Is there documentation on how to use this feature? If so, where?
Not yet - but happy to update the tests, include examples in the sample application and documentation if this feature is of interest.
Tests
💔Thank you!