Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ability to resign certificates #19

Closed
mathiasertl opened this issue Apr 5, 2017 · 2 comments
Closed

Add ability to resign certificates #19

mathiasertl opened this issue Apr 5, 2017 · 2 comments

Comments

@mathiasertl
Copy link
Owner

We have the CSR, so django-ca should be able to just resign certificates via webinterface or CLI.
@redNixon
Copy link

While planning for a new feature to allow cert generation and/or arbitrary CA's to have "approvers" for signing, this feature essentially came along for free.

Securely doing this(as well as hardening the current signing method) requires changes will break already deployed instances. Without also pushing the next feature on my list at the same time("clustered" setups with more formalized trust segregation between the web, requester and signer parts), I can't think of a great way to generate private keys in a way that everyone would be happy with.

Based on the current structure and the ability to determine the authenticity of the subject data in the database, resigning seems too dangerous without having a human inspect the subject and key usage.

@mathiasertl
Copy link
Owner Author

possible since 1.10.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@redNixon @mathiasertl