You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
On Sat, Apr 20, 2019, 07:23 Justin ***@***.***> wrote:
Hi!
Would you accept a PR that adds an option to fill in PermittedDNSDomains?
I verified it works if I just add 2 lines to the template:
PermittedDNSDomainsCritical: true,
PermittedDNSDomains: []string{".local", ".me.dev"},
Then if I try to generate a cert for google.com it fails validation:
$ ./minica -domains google.com
$ openssl verify -CAfile minica.pem google.com/cert.pem
CN = google.com
error 47 at 0 depth lookup: permitted subtree violation
error google.com/cert.pem: verification failed
It'll take a bunch of changes to pass a new CLI option all the way up to
makeRootCert
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#26>, or mute the thread
<https://github.com/notifications/unsubscribe-auth/AABVYLM6EJY5NQWJ7VOGQH3PRMQ6PANCNFSM4HHJYFPQ>
.
I have.. minica is what I'm looking for (easy ssl certs for local services and IoT crap). mkcert has the same issue with not being able to limit the scope of the CA anyway.
Hi!
Would you accept a PR that adds an option to fill in PermittedDNSDomains?
I verified it works if I just add 2 lines to the template:
Then if I try to generate a cert for google.com it fails validation:
It'll take a bunch of changes to pass a new CLI option all the way up to
makeRootCert
The text was updated successfully, but these errors were encountered: