Opened 13 years ago
Last modified 7 years ago
#241 new enhancement
Pony CSR integration
Reported by: | ezyang | Owned by: | |
---|---|---|---|
Priority: | normal | Milestone: | |
Component: | pony | Keywords: | |
Cc: |
Description (last modified by mitchb)
Pony should allow users to request CSRs for their hostnames. We could even have it generate the CSR automatically, although there are some security implications here.
Change History (6)
comment:1 Changed 13 years ago by mitchb
- Description modified (diff)
comment:2 Changed 13 years ago by geofft
comment:3 Changed 13 years ago by ezyang
- Component changed from internals to pony
comment:4 Changed 8 years ago by andersk
There is now a backend through which the pony user can request CSRs (r2834):
/bin/sudo /etc/pki/tls/gencsr-pony LOCKER HOSTNAME [HOSTNAME…]
Anyone want to give it a frontend?
comment:5 Changed 7 years ago by jakobw
I wrote a frontend - it is available at https://pony.jakobw.scripts.mit.edu:444
Currently the command used to generate certificates is echo instead of sudo but other functionality should work.
Can anyone take a look?
comment:6 Changed 7 years ago by jakobw
Now with certificate submission as well. Code available at https://github.com/jakob223/scripts-pony/tree/CSR
We may want to encourage people to use the *.scripts.mit.edu certificate instead, as it is GeoTrust?-signed for them for free.
But on the flip side, this would be a good way to get people with outside domain names to know that they can use SSL with their sites -- we should have a documented and obvious way to ask scripts for a CSR.