sign() to return PEM instead?

[FGasper]

ISTM PEM is a more useful format than DER once we actually have the certificate. I believe every service I know of expects to read in certificates as PEM … ?

According to the spec:

The default format of the certificate is DER (application/pkix-cert). The client may request other formats by including an Accept header in its request.

Per:
https://pki-tutorial.readthedocs.org/en/latest/mime.html
… the MIME type for a PEM cert is either “x-x509-user-cert” or “x-pem-file”

[sludin]

This is a great question. I missed that part of the spec. I'll play around with boulder and see what it can do. Otherwise, my thought was to always return one form or another and use the der2pem or vice versa to convert if you want the other.

[FGasper]

Note that it is (slightly) easier to do pem2der() than to do der2pem(), as the latter requires an extra piece of information.

[sludin]

Great point.

From: FGasper notifications@github.com
Reply-To: sludin/Protocol-ACME reply@reply.github.com
Date: Tuesday, January 19, 2016 at 10:27 PM
To: sludin/Protocol-ACME Protocol-ACME@noreply.github.com
Cc: Stephen Ludin sludin@ludin.org
Subject: Re: [Protocol-ACME] sign() to return PEM instead? (#16)

Note that it is (slightly) easier to do pem2der() than to do der2pem(), as the latter requires an extra piece of information.

—
Reply to this email directly or view it on GitHub.