New config option tls.dump_cert #2528

furkanmustafa
This option adds support for dumping the auto-generated, self-signed certificate into a file at the specified path.

Please let me know if I should improve variable/conf naming, or any part of the code at all.

This option adds support for dumping the auto-generated, self-signed
certificate into a file at the specified path.

Signed-off-by: Furkan Mustafa <furkan@rainlab.co.jp>

CLAassistant commented Mar 17, 2019

CLA assistant check
All committers have signed the CLA.

Member

@mholt mholt left a comment

Thanks for the PR!

But... hmm, I think I would like to approach this differently. (Would have been a good idea to open an issue to discuss the implementation first!)

There is an issue where self-signed certs aren't properly served up for sites defined like :2015 because there is no hostname.

I wonder if it would be better to persist a self-signed root cert and then issue for individual hostnames instead.

@furkanmustafa
Author

Sorry for sending without discussion first. This was required for my case and worked for me (I'm using my fork).

Feel free to close without merge. We (somebody?) can re-introduce with proper planning.
Because I'm not good with golang and just hacked this with 30 Google searches :D

Also, I believe that there should also be an option to provide a CA key/cert for self-signing certificates, so the user can just set one CA certificate as trusted, and Caddy can just re-issue as many signed certificates as necessary. I guess that'd even (partially) cover the issue you've mentioned. And that'd also eliminate my need for extracting the issued certificate.

@mholt
Member

mholt commented Jul 18, 2019

Closing since Caddy 2 approaches this differently. Thanks for the contribution!

@mholt mholt closed this Jul 18, 2019