Daniel Barlow 8a7287d552 unhardcode the certificate serial number 2024-09-25 12:00:40 +01:00
Makefile initial commit 2024-09-25 10:20:14 +01:00
README initial commit 2024-09-25 10:20:14 +01:00
default.nix initial commit 2024-09-25 10:20:14 +01:00
main.fnl unhardcode the certificate serial number 2024-09-25 12:00:40 +01:00
package.nix initial commit 2024-09-25 10:20:14 +01:00

README


A small HTTPS API that accepts X509 CSRs and signs them if they
contain the magic number.

Modelled on the Puppet CA "Policy-based autosigning" functionality,
but without the rest of Puppet.

[ This README is speculative ]


---

DOMAIN="/C=GB/ST=London/L=London/O=Telent"

openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -subj "${DOMAIN}/CN=CA" -out ca.crt

openssl req -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr -subj "${DOMAIN}/OU=devices/CN=rotuer"

https://www.puppet.com/docs/puppet/7/ssl_attributes_extensions#csr_custom_attributes-recommended-oids-custom-attributes

Custom attributes can use any public or site-specific OID, with the exception of the OIDs used for core X.509 functionality. This means you can't re-use existing OIDs for things like subject alternative names.

One useful OID is the challengePassword attribute — 1.2.840.113549.1.9.7. This is a rarely-used corner of X.509 that can easily be repurposed to hold a pre-shared key.
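An added example (not the project's own code, which lives in main.fnl) that carries the openssl steps above through to the policy check: the device CSR gets the pre-shared key in its challengePassword attribute, the signer extracts that attribute and signs with the CA only if it matches. It assumes openssl(1) on PATH; the PSK value, the device CN "router", the 2048-bit key sizes and the file names are assumptions for the example.

```shell
# Added example, not the project's own code. Assumes openssl(1) on PATH;
# everything else (CA, device key, PSK value) is constructed right here.
set -eu
DOMAIN="/C=GB/ST=London/L=London/O=Telent"
PSK="example-magic-number"   # constructed; a real service loads this from a secret store

# openssl req only sets CSR attributes (and, with -subj, skips them) via config, so write
# one with $1 as challengePassword (OID 1.2.840.113549.1.9.7) and the device DN inline.
write_cnf() {
  printf '%s\n' '[req]' 'prompt = no' 'distinguished_name = dn' 'attributes = attrs' \
    'x509_extensions = ca_ext' '[dn]' 'C = GB' 'ST = London' 'L = London' 'O = Telent' \
    'OU = devices' 'CN = router' '[attrs]' "challengePassword = $1" \
    '[ca_ext]' 'basicConstraints = critical,CA:TRUE' > req.cnf
}

make_ca() {   # CA key and self-signed CA certificate; -subj overrides the device DN
  write_cnf unused   # attributes never reach a self-signed certificate
  openssl genrsa -out ca.key 2048 2>/dev/null
  openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -config req.cnf \
    -subj "${DOMAIN}/CN=CA" -out ca.crt
}

make_csr() {   # device CSR with challengePassword = $1, written to $2
  write_cnf "$1"
  [ -f domain.key ] || openssl genrsa -out domain.key 2048 2>/dev/null
  openssl req -new -key domain.key -config req.cnf -out "$2"
}

# Print the CSR's challengePassword value, or nothing if the attribute is absent.
csr_challenge_password() {
  openssl req -in "$1" -noout -text | sed -n 's/^ *challengePassword *:\(.*\)$/\1/p'
}

# Policy: sign $1 into $2 only if its challengePassword matches PSK. Comparing
# fixed-length SHA-256 digests stops the string compare leaking the secret's length;
# a production service should still use a proper constant-time comparison.
autosign() {
  got=$(csr_challenge_password "$1")
  want_hash=$(printf %s "$PSK" | openssl dgst -sha256 -r | cut -d' ' -f1)
  got_hash=$(printf %s "$got" | openssl dgst -sha256 -r | cut -d' ' -f1)
  [ "$got_hash" = "$want_hash" ] || { echo "autosign: rejecting $1: challengePassword mismatch" >&2; return 1; }
  openssl x509 -req -in "$1" -CA ca.crt -CAkey ca.key -CAcreateserial -days 365 -sha256 -out "$2"
}
```

A CSR with no challengePassword at all yields an empty value and is rejected by the same digest comparison, so a missing attribute never signs.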