Intermediate CA
seveas opened this issue · 4 comments
seveas commented
These days most actual certs are signed by intermediate CAs, and certificate chain issues are common failures. Would you accept a pull request that adds intermediate CA functionality to trustme?
njsmith commented
Yeah, I'm imagining it'd be something like
```python
root_ca = CA()
intermediate_ca = root_ca.create_child_ca()
server_cert = intermediate_ca.issue_server_cert()
```
?
This is actually why `ServerCert` has a `cert_chain_pem` attribute, even though currently the chain is always exactly 1 entry long... future proofing in case of adding this feature :-)
njsmith commented
On further thought, maybe it would be better to keep the cert chain as a list of PEM blobs, instead of concatenating it together into one big blob.
njsmith commented
We now provide the cert chain as a list of blobs, so this would be even more straightforward.
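The root, intermediate, leaf layout discussed in this thread, with the chain kept as a list of PEM blobs, as an added example that is not part of the thread and not trustme's own code. It uses the `cryptography` package directly; the function names `make_cert`, `build_chain` and `chain_links_ok`, the certificate names and the hostname are assumptions made for illustration.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def make_cert(cn, key, issuer_cert, issuer_key, is_ca, path_length=None):
    """Issue a short-lived test cert; issuer_cert=None means self-signed."""
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(issuer_cert.subject if issuer_cert is not None else subject)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=1))
        .not_valid_after(now + datetime.timedelta(days=1))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=path_length), critical=True)
    )
    if not is_ca:  # leaf: the hostname goes in subjectAltName
        builder = builder.add_extension(x509.SubjectAlternativeName([x509.DNSName(cn)]), critical=False)
    return builder.sign(issuer_key, hashes.SHA256())

def build_chain(hostname="test.example"):  # constructed sample hostname
    """Return (root_pem, [leaf_pem, intermediate_pem]): the chain is a list of blobs."""
    root_key, inter_key, leaf_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
    root = make_cert("constructed root CA", root_key, None, root_key, True, path_length=1)
    inter = make_cert("constructed intermediate CA", inter_key, root, root_key, True, path_length=0)
    leaf = make_cert(hostname, leaf_key, inter, inter_key, False)
    pem = lambda c: c.public_bytes(serialization.Encoding.PEM)
    return pem(root), [pem(leaf), pem(inter)]

def chain_links_ok(chain_pems, root_pem):
    """Check each cert is named and signed by the next one, ending at the trusted root.
    Only linkage is checked: no validity dates, hostname or pathLen enforcement."""
    certs = [x509.load_pem_x509_certificate(p) for p in [*chain_pems, root_pem]]
    for cert, issuer in zip(certs, certs[1:]):
        bc = issuer.extensions.get_extension_for_class(x509.BasicConstraints).value
        if cert.issuer != issuer.subject or not bc.ca:
            return False
        try:
            issuer.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                       ec.ECDSA(cert.signature_hash_algorithm))
        except InvalidSignature:
            return False
    return True
```

Passing only the leaf (`chain[:1]`) reproduces the common misconfiguration where a server omits the intermediate, and the linkage check fails.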