Feature Request: add option to provide own root certificate

Question

Feature Request: add option to provide own root certificate

hauleth opened this issue 4 years ago · 3 comments

I have my own "small CA" that I ran on my machine for development. It is already added as a root cert, so it would be handy to be able to reuse that one instead of being forced to add exceptions for each application independently for internal ACME server.

Answer 1 · 2021-03-18T22:29:17.000Z

I think this is a wonderful idea!

Currently to run the internal ACME server we pass {:internal, port: xyz}. This could be expanded with an optional :ca setting (defaults to nil), which should be propagated to this code, where the pair is used if provided, or generated if not.

The corresponding test could generate its own pair, start the endpoint with the given setting, and verify that the key is issued by the correct issuer.

WDYT?

Answer 2 · 2021-03-18T22:40:43.000Z

Sounds like a solution.

Answer 3 · 2021-03-18T22:43:20.000Z

Cool! Care to submit a PR?