
Comments (2)

maraino commented on September 26, 2024

Hi @mirex05, this is definitely a bug. Are you trying to set the template data or just a template?

If it is a template, it probably should be:

{
  "subject": {
    "country": "US",
    "organization": "ACME Corp",
    "organizationalUnit": "ACME Team",
    "commonName": {{ toJson .Subject.CommonName }}
  },
{{- if typeIs "*rsa.PublicKey" .Insecure.CR.PublicKey }}
  "keyUsage": ["keyEncipherment", "digitalSignature"],
{{- else }}
  "keyUsage": ["digitalSignature"],
{{- end }}
  "extKeyUsage": ["serverAuth", "clientAuth"]
}

The "issuer" will always be overwritten when we sign the certificate, so you don't really need it. The common name should be without quotes because you are using toJson, and the key usage keyEncipherment is only for RSA keys.

It doesn't make sense to use the template data without a template. The template data is information that you add in the ca.json that can be consumed by a template, for example, with this template data:

"templateData": {
  "country": "US",
  "organization": "Acme Corp.",
  "organizationalUnit": "Coyote"
}

You can create a template that sets the subject like this:

{
  "subject": {
    "country": {{ toJson .country }},
    "organization": {{ toJson .organization }},
    "organizationalUnit": {{ toJson .organizationalUnit }},
    "commonName": {{ toJson .Subject.CommonName }}
  },
{{- if typeIs "*rsa.PublicKey" .Insecure.CR.PublicKey }}
  "keyUsage": ["keyEncipherment", "digitalSignature"],
{{- else }}
  "keyUsage": ["digitalSignature"],
{{- end }}
  "extKeyUsage": ["serverAuth", "clientAuth"]
}

The toJson function is not really required. You can do "{{ .country }}", but it sanitizes the data in the variables so nothing unexpected is injected.

from cli.
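The difference between "{{ .country }}" and {{ toJson .country }} described in the comment above, as an added example that is not part of the thread or of the project's code. It uses Go's text/template with a stand-in toJson built on encoding/json (an assumption), a reduced subject template, and constructed sample values.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"text/template"
)

// toJson stands in for the template function used on the page; this
// encoding/json version is an assumption made for the example.
var funcs = template.FuncMap{"toJson": func(v interface{}) (string, error) {
	b, err := json.Marshal(v)
	return string(b), err
}}

// Two ways to write the same field, reduced from the subject template above.
const quotedTmpl = `{"subject": {"organization": "{{ .organization }}", "commonName": {{ toJson .cn }}}}`
const toJsonTmpl = `{"subject": {"organization": {{ toJson .organization }}, "commonName": {{ toJson .cn }}}}`

// renderSubject executes tmpl with data and returns the parsed "subject" object.
func renderSubject(tmpl string, data map[string]interface{}) (map[string]string, error) {
	t, err := template.New("cert").Funcs(funcs).Parse(tmpl)
	if err != nil {
		return nil, err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, data); err != nil {
		return nil, err
	}
	var out struct {
		Subject map[string]string `json:"subject"`
	}
	if err := json.Unmarshal(buf.Bytes(), &out); err != nil {
		return nil, fmt.Errorf("rendered template is not valid JSON: %w", err)
	}
	return out.Subject, nil
}

func main() {
	// Constructed values: one with embedded quotes, one shaped like extra JSON.
	for _, org := range []string{`Acme "East" Corp`, `Acme", "organizationalUnit": "Unexpected`} {
		data := map[string]interface{}{"organization": org, "cn": "host.example.com"}
		for name, tmpl := range map[string]string{"quoted": quotedTmpl, "toJson": toJsonTmpl} {
			subject, err := renderSubject(tmpl, data)
			fmt.Printf("%-6s %q -> %v (err: %v)\n", name, org, subject, err)
		}
	}
}
```

With the quoted form the first value produces invalid JSON and the second adds a subject field the template never declared; with toJson both stay a single organization string.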

mirex05 commented on September 26, 2024

Hi @maraino, currently it's only a lab before setting up step CA in production, so I'm just doing some experiments to see how it works. Thanks for the detailed explanation of the difference between template and template data; now it's definitely clear to me what I should use.
