Allow usage of externally supplied TLS config #1685
Merged
Name of feature:
Externally supplied TLS config for usage by step-ca service.
Pain or issue this feature alleviates:
Step-ca currently makes the assumption that the TLS config/certificate for the server itself would be signed by the same x509 CA used to sign client certificates (via ACME, SCEP, etc.). This assumption might not scale to all environments, where enterprises may use different CAs for the client-side and server-side ecosystems.
This PR makes a simple patch by allowing the *tls.Config to be supplied as an Option to the CA interface.
Is there documentation on how to use this feature? If so, where?
Not yet - but happy to update the tests, include examples in the sample application and documentation if this feature is of interest.
Tests
💔Thank you!
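The split trust the description motivates, as an added example that is not code from this PR or from step-ca: a server `*tls.Config` whose own leaf comes from one CA while client certificates are verified against another. The helper names, host names and both CAs are constructed for the illustration, and the step-ca option that accepts the config is not shown on this page, so it is not used here.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // demo only: abort on any error
	if err != nil {
		panic(err)
	}
	return v
}
// issue creates a certificate for cn (constructed names); a nil parent yields a self-signed CA.
func issue(cn string, parent *tls.Certificate, eku x509.ExtKeyUsage) tls.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	t := &x509.Certificate{SerialNumber: must(rand.Int(rand.Reader, big.NewInt(1<<62))),
		Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn}, ExtKeyUsage: []x509.ExtKeyUsage{eku},
		KeyUsage: x509.KeyUsageDigitalSignature, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil { // root: allowed to sign certificates, carries no EKU restriction
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage, t.ExtKeyUsage = true, true, x509.KeyUsageCertSign, nil
		parent = &tls.Certificate{Leaf: t, PrivateKey: key}
	}
	der := must(x509.CreateCertificate(rand.Reader, t, parent.Leaf, &key.PublicKey, parent.PrivateKey))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: must(x509.ParseCertificate(der))}
}

// externalTLSConfig (hypothetical helper) serves leaf and trusts only clientCA for client certificates.
func externalTLSConfig(leaf tls.Certificate, clientCA *x509.Certificate) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(clientCA)
	return &tls.Config{MinVersion: tls.VersionTLS12, Certificates: []tls.Certificate{leaf}, ClientCAs: pool, ClientAuth: tls.VerifyClientCertIfGiven}
}

// demo reports whether the config's client pool accepts a client-CA certificate and the server's own leaf.
func demo() (clientOK, leafOK bool) {
	serverCA, clientCA := issue("server-ca.example.internal", nil, 0), issue("client-ca.example.internal", nil, 0)
	leaf := issue("ca.example.internal", &serverCA, x509.ExtKeyUsageServerAuth)
	client := issue("device-01.example.internal", &clientCA, x509.ExtKeyUsageClientAuth)
	opts := x509.VerifyOptions{Roots: externalTLSConfig(leaf, clientCA.Leaf).ClientCAs, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	accepts := func(c tls.Certificate) bool { _, err := c.Leaf.Verify(opts); return err == nil }
	return accepts(client), accepts(leaf)
}
func main() { fmt.Println(demo()) }
```

Because the server leaf's issuer is absent from `ClientCAs`, a certificate from the server-side CA does not authenticate as a client, which is the separation a caller-supplied config has to preserve.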