cloud-init: Add support for certmonger

Bug #1865352 reported by Graham Leggett
Affects | Status | Importance | Assigned to | Milestone
cloud-init | Expired | Undecided | Unassigned |

Bug Description

This is a request to integrate certmonger with cloud-init, such that certificates can be requested and provisioned as part of the initialisation process.

Possible sample configuration:

certs:
  Redwax Interop:
    type: scep
    url: http://interop.redwax.eu/test/simple/scep
    requests:
    - certificate: /etc/pki/interop/test.example.com.cert
      key: /etc/pki/interop/test.example.com.key
      key-type: rsa
      key-bits: 4096

and so on, corresponding to the following commands:

getcert add-scep-ca -c "Redwax Interop" -u http://interop.redwax.eu/test/simple/scep
getcert request -f /etc/pki/interop/test.example.com.cert -k /etc/pki/interop/test.example.com.key -c "Redwax Interop" -I test.example.com -D test.example.com -G rsa -g 4096 -u digitalSignature -u keyEncipherment -L challenge
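
The mapping described in the report, as an added example that is not part of the original report and is not cloud-init code: a hypothetical helper, `getcert_commands`, turns the proposed `certs` mapping into argv lists for the two `getcert` subcommands shown, using only the flags that have a key in the sample configuration (`-I`, `-D`, `-u` for usages and `-L` have none there and are left out). The validation rules (accepted key type, 2048-bit floor, rejecting names that start with `-`) are assumptions.

```python
from urllib.parse import urlparse

# Constructed sample: the report's "certs" mapping after YAML parsing.
SAMPLE_CFG = {"Redwax Interop": {
    "type": "scep",
    "url": "http://interop.redwax.eu/test/simple/scep",
    "requests": [{
        "certificate": "/etc/pki/interop/test.example.com.cert",
        "key": "/etc/pki/interop/test.example.com.key",
        "key-type": "rsa",
        "key-bits": 4096,
    }],
}}

KEY_TYPES = ("rsa",)  # assumption: only the type shown in the report
MIN_RSA_BITS = 2048   # assumption: floor chosen for this example


def getcert_commands(certs):
    """Hypothetical helper: proposed config -> list of getcert argv lists."""
    cmds = []
    for ca_name, ca in certs.items():
        # A leading "-" would be parsed by getcert as an option, not a name.
        if not ca_name or ca_name.startswith("-"):
            raise ValueError(f"bad CA name {ca_name!r}")
        if ca.get("type") != "scep":
            raise ValueError(f"{ca_name}: unsupported type {ca.get('type')!r}")
        url = str(ca.get("url", ""))
        parsed = urlparse(url)
        if parsed.scheme not in ("http", "https") or not parsed.netloc:
            raise ValueError(f"{ca_name}: bad SCEP url {url!r}")
        cmds.append(["getcert", "add-scep-ca", "-c", ca_name, "-u", url])
        for req in ca.get("requests", []):
            cert, key = str(req.get("certificate", "")), str(req.get("key", ""))
            if not (cert.startswith("/") and key.startswith("/")):
                raise ValueError(f"{ca_name}: paths must be absolute")
            ktype, bits = req.get("key-type"), req.get("key-bits")
            if ktype not in KEY_TYPES:
                raise ValueError(f"{ca_name}: unsupported key-type {ktype!r}")
            if type(bits) is not int or bits < MIN_RSA_BITS:
                raise ValueError(f"{ca_name}: bad key-bits {bits!r}")
            cmds.append(["getcert", "request", "-f", cert, "-k", key,
                         "-c", ca_name, "-G", ktype, "-g", str(bits)])
    return cmds


if __name__ == "__main__":
    for argv in getcert_commands(SAMPLE_CFG):
        print(argv)  # pass each list to subprocess.run(argv, check=True), no shell
```

Because each command is an argv list, the CA name with its space needs no quoting and no value from user-data is ever interpreted by a shell.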

Ryan Harper (raharper) wrote :

Hi,

Thanks for filing this bug. Would you be interested in contributing to cloud-init?

https://cloudinit.readthedocs.io/en/latest/topics/hacking.html

Graham Leggett (minfrin) wrote :

I have very basic python skills, so this may take a while.

In the meantime I have been fixing certmonger itself, as it contains a number of limitations that prevent it being possible to issue certs from private CAs.

Paride Legovini (paride)
Changed in cloud-init:
status: New → Triaged
James Falcon (falcojr) wrote :
Changed in cloud-init:
status: Triaged → Expired