Opened 9 years ago

Last modified 4 years ago

#241 new enhancement

Pony CSR integration

Reported by: ezyang Owned by:
Priority: normal Milestone:
Component: pony Keywords:
Cc:

Description (last modified by mitchb)

Pony should allow users to request CSRs for their hostnames. We could even have it generate the CSR automatically, although there are some security implications here.

Change History (6)

comment:1 Changed 9 years ago by mitchb

  • Description modified (diff)

comment:2 Changed 9 years ago by geofft

We may want to encourage people to use the *.scripts.mit.edu certificate instead, as it is GeoTrust?-signed for them for free.

But on the flip side, this would be a good way to get people with outside domain names to know that they can use SSL with their sites -- we should have a documented and obvious way to ask scripts for a CSR.

comment:3 Changed 9 years ago by ezyang

  • Component changed from internals to pony

comment:4 Changed 4 years ago by andersk

There is now a backend through which the pony user can request CSRs (r2834):

/bin/sudo /etc/pki/tls/gencsr-pony LOCKER HOSTNAME [HOSTNAME…]

Anyone want to give it a frontend?

Last edited 4 years ago by andersk (previous) (diff)

comment:5 Changed 4 years ago by jakobw

I wrote a frontend - it is available at https://pony.jakobw.scripts.mit.edu:444

Currently the command used to generate certificates is echo instead of sudo but other functionality should work.

Can anyone take a look?

comment:6 Changed 4 years ago by jakobw

Now with certificate submission as well. Code available at https://github.com/jakob223/scripts-pony/tree/CSR

Note: See TracTickets for help on using tickets.