Open plinss opened 2 years ago
@plinss As a clarification, the file will have the intermediate cert too, it will look like:
-----BEGIN CERTIFICATE-----
MII...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MII...
-----END CERTIFICATE-----
-----BEGIN EC PRIVATE KEY-----
...
-----END EC PRIVATE KEY-----
We can also consider to do a couple more things too:
step ca certificate localhost
step crypto key format
can switch between those.@maraino Yes, that's what I'd expect the file to contain (and what restic requires).
Your suggestions seem useful as well (though I don't personally have a need for that at the moment).
Hello!
Issue details
It's not common, but some applications, like restic, require the private key to be in the same file as the certificate when using client certificates.
It would be nice if step could generate combined files like that for both certificate generation and renewal.
One suggestion is to detect when the cert file and key file are the same path (currently step simply replaces the cert chain with the private key in this case). Another option would be to do this when the private key file is omitted from the command line.
Why is this needed?
When automating certificate renewal for applications that require all certificate materials to be in a single file, this would eliminate the need for adding additional steps in combining files.