This repository has been archived by the owner on Apr 24, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 191
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Remove proactive issuance & csr-first new-order. (#342)
* Remove proactive issuance & csr-first new-order. This commit implements the proposed replacement of proactive issuance and the "CSR first" new-order flow proposed on the ACME mailing list[0]. Mentions of proactive issuance are removed. The CSR field of the order object is removed. A new "finalizeURL" field is added to the order object. A new "identifiers" field is added to the order object. Issuance process is updated to describe submitting identifiers in the new-order request and POSTing a CSR to the order's finalizeURL. [0] https://mailarchive.ietf.org/arch/msg/acme/DIjJEB06J5cFyuOlGPVcY2I51vg * Don't use overloaded 'order' word * Clarify CSR must match order idents exactly * Cleanup & further harmonization. This commit: * updates the Action,Request,Response table for the finalization process. * updates the example order object with a certificate URL to be status "valid" (since a cert has been issued) * clarifies the finalization language w.r.t errors * updates the registry of order fields to capture the finalizeURL * Update Order Objects example JSON * Clarify wildcard DNS identifier requirements in new-order. The spec should be more precise about the fact that a wildcard identifier is specific to DNS type identifiers and must follow the conventions of the web PKI w.r.t number & placement of wildcard characters. * Refine wildcard ident value clarification. This commit incorporates feedback from @jsha (thanks!) refining the wildcard identifier value clarification.
- Loading branch information
1 parent
cfefa19
commit 418ad40
Showing
1 changed file
with
94 additions
and
59 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters