Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

sign() to return PEM instead? #16

Open
FGasper opened this issue Jan 20, 2016 · 3 comments
Open

sign() to return PEM instead? #16

FGasper opened this issue Jan 20, 2016 · 3 comments

Comments

@FGasper
Copy link
Contributor

FGasper commented Jan 20, 2016

ISTM PEM is a more useful format than DER once we actually have the certificate. I believe every service I know of expects to read in certificates as PEM … ?

According to the spec:

The default format of the certificate is DER (application/pkix-cert). The client may request other formats by including an Accept header in its request.

Per:
https://pki-tutorial.readthedocs.org/en/latest/mime.html
… the MIME type for a PEM cert is either “x-x509-user-cert” or “x-pem-file”

@sludin
Copy link
Owner

sludin commented Jan 20, 2016

This is a great question. I missed that part of the spec. I'll play around with boulder and see what it can do. Otherwise, my thought was to always return one form or another and use the der2pem or vice versa to convert if you want the other.

@FGasper
Copy link
Contributor Author

FGasper commented Jan 20, 2016

Note that it is (slightly) easier to do pem2der() than to do der2pem(), as the latter requires an extra piece of information.

@sludin
Copy link
Owner

sludin commented Jan 20, 2016

Great point.

From: FGasper notifications@github.com
Reply-To: sludin/Protocol-ACME reply@reply.github.com
Date: Tuesday, January 19, 2016 at 10:27 PM
To: sludin/Protocol-ACME Protocol-ACME@noreply.github.com
Cc: Stephen Ludin sludin@ludin.org
Subject: Re: [Protocol-ACME] sign() to return PEM instead? (#16)

Note that it is (slightly) easier to do pem2der() than to do der2pem(), as the latter requires an extra piece of information.


Reply to this email directly or view it on GitHub.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants