Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use multiple CAs instead of a single self-signed root CA #327

Open
wants to merge 3 commits into
base: humble
Choose a base branch
from
Open

Use multiple CAs instead of a single self-signed root CA #327

wants to merge 3 commits into from

Conversation

Santti4go
Copy link

@Santti4go Santti4go commented Dec 18, 2024
edited
Loading

Ticket #328

I added a new (optional) flag for the create_keystore command: --split-CA
This flag changes the Certificate Authorities structure creating two new CAs (Permissions CA and Identity CA) instead of using the same self-signed root CA with symlinks.
This is an optional flag and does not change default behavior.

More details in the ticket #328

Note

I still need to sign both new CAs with root CA

@Santti4go Santti4go mentioned this pull request Dec 18, 2024
Open
@Santti4go
Fixes flake8
3b7db55 
Signed-off-by: Santti4go <[email protected]>
@Santti4go Santti4go changed the title Use multiple CAs instead of a single self-signed root CA [DRAFT] Use multiple CAs instead of a single self-signed root CA Dec 19, 2024
fujitatomoya
fujitatomoya reviewed Dec 19, 2024
View reviewed changes
Copy link
Contributor

@fujitatomoya fujitatomoya left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i think these kind of new arguments or feature need to be supported in rolling 1st, and then we can consider backport for already released distros including humble.

@Santti4go
Copy link
Author

i think these kind of new arguments or feature need to be supported in rolling 1st, and then we can consider backport for already released distros including humble.

Sure, I targeted Humble because it's the branch I'm working on.
If we agree this is a feature we want to add I'll happily target Rolling instead.
WDYT? Do I have green light?

@fujitatomoya
Copy link
Contributor

to be honest, i am not sure. having this optional mode seems to be okay but i do not really maintain this repository. @mikaelarguedas could you take a look or ping someone else here?

@Santti4go
Copy link
Author

Friendly ping @mikaelarguedas

I've made a few more changes on my end. If we agree this is something we want to support I would happily push them here and target Rolling and then backport it. Let me know what you think.

@Santti4go Santti4go changed the title [DRAFT] Use multiple CAs instead of a single self-signed root CA Use multiple CAs instead of a single self-signed root CA Jan 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fujitatomoya fujitatomoya fujitatomoya left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Santti4go @fujitatomoya