New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for CSRs (Certificate Signing Requests) #55
Conversation
Hi! Thanks for contributing. Can you tell me a bit about when and why you needed this? I'm trying to keep mkcert a focused tool, and CSR support adds complexity and documentation needs. Just trying to understand if this fits in the mkcert target use case. |
Sure, I can. |
Hi @FiloSottile, |
Hi @FiloSottile, like @gregorwolf said, CSR support would be of great help. Please please accept this PR. I would really appreciate that! |
PublicKeyAlgorithm: csr.PublicKeyAlgorithm, | ||
Version: csr.Version, | ||
Extensions: csr.Extensions, | ||
ExtraExtensions: csr.ExtraExtensions, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not going to work: ExtraExtensions
is for marshaling and Extensions
is for parsing, so csr.ExtraExtensions
will be empty and tpl.Extensions
will be ignored.
But if you set tpl.ExtraExtensions
to csr.Extensions
, there's no need to copy all the SAN values below because all requested extensions will be copied.
Mailed https://go-review.googlesource.com/c/go/+/160898 to improve the docs.
Implemented this with the same Thanks for the details on the use case! |
This pull request adds another flag to mkcert: use
mkcert -csr some.csr
to sign a CSR using the current CA.I can make changes, if you don't like the code. Let me know.