Feature #354

Feature requests for acf-openssl

Added by Duane Hughes over 1 year ago. Updated 4 months ago.

Status: Closed
Start date: 05/31/2010
Priority: Normal
Due date:
Assignee: Luke Stuart
% Done: 100%
Category: ACF
Target version: Alpine 2.3.0

Description

  1. Please can a field be added to the Defaults and Request form for certificates to allow a requestor to specify a custom certificate validity period? This would use the -days xxxx option.
  2. Would also be nice to have a button or area where you can download the CA cert file.
  3. Might also be nice to give a field or drop-down list where you could specify/choose an encryption bit (e.g. 1024, 2048) to encode certificate with.

Thanks!


Related issues

Duplicated by Alpine Linux - Feature #679: Ability to download CA public part at openssl acf (Closed, 06/08/2011)

History

Updated by Luke Stuart about 1 year ago

  • Assignee changed from Ted Trask to Luke Stuart

Updated by Duane Hughes about 1 year ago

Additional comments on the above requests:

Point 2: I think it would be nice to have a Download Certificate button on the Status tab that downloads /etc/ssl/cacert.pem.

Point 3: On point 3 above, disregard encryption bit 1024, as that is considered too weak and is no longer supported. Best to just list 2048 and 4096. (Maybe list higher bits than that as well?) This is used for the "openssl genrsa/gendsa -out privkey.pem 2048" command.

Updated by Luke Stuart about 1 year ago

  • % Done changed from 0 to 50

Updated by Luke Stuart about 1 year ago

  • % Done changed from 50 to 80

Updated by Ted Trask 7 months ago

Added patch http://git.alpinelinux.org/cgit/acf-openssl.git/commit/?id=8123dd0d02083d8bea32fde1fbe25d9fa374d069

Outstanding issues:
1) model.getpem allows you to download any file in /etc/ssl, which is a security hole. Is there a reason for allowing the user to pass in a filename at all? Why not change controller.downloadpem to controller.downloadcacert and model.getpem to model.getca? Then, you just give them the CA PEM (the model already knows the path). This is similar to how getcrl works.
2) Should we allow the user to specify DER or PEM format for the CA cert? We do so for the CRL.
3) model.getpem reports CA PEM as application/x-pkcs12 when it should be application/x-x509-ca-cert.
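
The change proposed in item 1 (drop the filename parameter and serve only the CA file), together with the DER/PEM choice from item 2 and the content type from item 3, sketched as an added Python example that is not part of this comment or of the acf-openssl code. The `Model` class, the `demo` helper, the file `other.pem` and the reuse of the same content type for DER output are assumptions made for illustration.

```python
import base64
import os
import re
import tempfile

CA_MIME = "application/x-x509-ca-cert"  # type from item 3; assumed for DER as well
PEM_BODY = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_to_der(pem):
    """Decode the first CERTIFICATE block of a PEM file to raw DER bytes."""
    match = PEM_BODY.search(pem)
    if match is None:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode(match.group(1))  # embedded newlines are skipped

class Model:
    """Hypothetical stand-in for the model discussed above."""
    def __init__(self, ssl_dir="/etc/ssl"):
        self.ssl_dir = ssl_dir
        self.ca_path = os.path.join(ssl_dir, "cacert.pem")  # path named in the thread

    def getpem(self, name):
        """'Before' shape: the caller picks the file, and the type is wrong."""
        with open(os.path.join(self.ssl_dir, name), "rb") as f:
            return {"type": "application/x-pkcs12", "data": f.read()}

    def getca(self, fmt="PEM"):
        """'After' shape: no filename parameter, only a validated format."""
        if fmt not in ("PEM", "DER"):
            raise ValueError("format must be PEM or DER")
        with open(self.ca_path, "rb") as f:
            pem = f.read()
        return {"type": CA_MIME, "data": pem if fmt == "PEM" else pem_to_der(pem)}

def demo():
    """Run both shapes on a constructed directory holding no real key material."""
    fake_der = b"constructed bytes, not a real certificate"
    pem = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(fake_der)
           + b"-----END CERTIFICATE-----\n")
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("cacert.pem", pem), ("other.pem", b"unrelated file")):
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        m = Model(d)
        # getpem serves whatever name it is given; getca can only serve the CA.
        return m.getpem("other.pem"), m.getca("PEM"), m.getca("DER"), pem, fake_der
```

Because `getca` checks the format against a fixed set before it opens anything, the only request-controlled value never reaches the filesystem path.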

Updated by Ted Trask 4 months ago

  • Target version set to Alpine 2.3.0

Updated by Ted Trask 4 months ago

  • Status changed from New to Resolved
  • % Done changed from 80 to 100

Complete with commit 43434015880555c2df7d46048ba5ea20c934b7f4

Updated by Natanael Copa 4 months ago

  • Status changed from Resolved to Closed
