On 06/12/2015 02:38 PM, Amir Chaudhry wrote:
On 12 Jun 2015, at 11:32, Hannes Mehnert <[email protected]> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA384
Hey,
On 06/12/2015 10:10, Mindy wrote:
We don't have a nice way to generate certificate signing requests
or self-signed certificates ourselves yet, right? I'm writing up
a thing on getting HTTPS up and running with mirage-seal and those
are places where I have to say "invoke openssl or your favorite
alternative, but we got nothin' for you".
If I'm incorrect, I'd appreciate a pointer on where to go looking.
:)
It is currently not possible to generate certificate signing requests
(as defined in PKCS10), but generation of self-signed certificates is
possible (not in released X.509, only on master):
https://github.com/mirleft/ocaml-x509/blob/master/lib/x509.mli#L117-L140
I'll try to add generation of CSRs to X.509 this weekend.
That would be great. Would this be available via the command line?
Please do let us know when it’s ready and we can update the instructions.
I have a *very* small utility that generates self-signed certificates
and CSRs, which you can check out at
https://github.com/yomimono/ocaml-certify (look at the "naming" branch,
which uses a bunch of unreleased upstream stuff). I just used it to
generate a CSR and key that gandi.net signed with no complaints; I'm
using that cert and key to power https://dashcon2015.com, which is
running a unikernel generated with mirage-seal in ec2. Yay!
As an aside, working with x509 and nocrypto was a total joy and doing
what I needed to do was very straightforward.
-Mindy
_______________________________________________
MirageOS-devel mailing list
[email protected]
http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel
