support for aws private ca #1092

Open
tuananh opened this issue Apr 3, 2023 · 1 comment
Labels
question Further information is requested

Comments

@tuananh
Contributor

tuananh commented Apr 3, 2023

Question

Is there any plan to add support for AWS Private CA? I saw GCP CA is supported but not AWS Private CA.

https://aws.amazon.com/private-ca/

@tuananh tuananh added the question Further information is requested label Apr 3, 2023
@haydentherapper
Contributor

Hey! We aren’t prioritizing support right now but are open to PRs!

Happy to give pointers to help with the implementation. Implement the CertificateAuthority interface, https://github.com/sigstore/fulcio/blob/main/pkg/ca/ca.go#L28, and if possible, the EmbeddedSCTCA interface, https://github.com/sigstore/fulcio/blob/main/pkg/ca/embeddedca.go#L27, which enables support for the CT log. The latter requires that AWS Private CA support setting the certificate’s serial number and expiration (not before, not after), since you have to sign the certificate twice (GCP CA Service did not support this).
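
The two-pass signing described in the reply above, as an added Go example (not Fulcio's code and not part of the thread): a precertificate carrying the RFC 6962 poison extension is signed first, then the final certificate carrying the SCT, and the two only line up when the CA backend honors the caller's serial number and validity. The toy issuer, the keys, `sign`, `Issue`, `Consistent` and the SCT bytes are constructed for illustration; only Go's `crypto/x509` is used, not the AWS Private CA or Fulcio APIs.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

var (
	oidPoison     = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 3} // RFC 6962 precertificate poison
	oidSCTs       = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 2} // RFC 6962 embedded SCT list
	_, caKey, _   = ed25519.GenerateKey(rand.Reader)                        // constructed throwaway CA key
	leafPub, _, _ = ed25519.GenerateKey(rand.Reader)                        // constructed throwaway leaf key
	notBefore     = time.Date(2023, 4, 3, 0, 0, 0, 0, time.UTC)             // constructed validity start
	issuer        = &x509.Certificate{Subject: pkix.Name{CommonName: "toy-ca"}}
)

// sign stands in for the CA backend: it must honor the caller's serial and validity window.
func sign(serial int64, ext pkix.Extension) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: "leaf"},
		NotBefore: notBefore, NotAfter: notBefore.Add(10 * time.Minute), ExtraExtensions: []pkix.Extension{ext}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, leafPub, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Issue signs twice (precertificate, then final with SCT); finalSerial models a backend-chosen serial.
func Issue(serial, finalSerial int64, sct []byte) (pre, final *x509.Certificate, err error) {
	if pre, err = sign(serial, pkix.Extension{Id: oidPoison, Critical: true, Value: []byte{5, 0}}); err == nil {
		final, err = sign(finalSerial, pkix.Extension{Id: oidSCTs, Value: sct})
	}
	return pre, final, err
}

// Consistent reports whether an SCT issued over pre can be embedded in final.
func Consistent(pre, final *x509.Certificate) bool {
	return pre.SerialNumber.Cmp(final.SerialNumber) == 0 && pre.NotBefore.Equal(final.NotBefore) && pre.NotAfter.Equal(final.NotAfter)
}

func main() {
	pre, final, err := Issue(42, 42, []byte{4, 1, 0}) // placeholder SCT bytes, not a real SCT list
	fmt.Println(err == nil && Consistent(pre, final))
}
```

Calling `Issue(42, 43, ...)` models a backend that assigns its own serial on the second request; `Consistent` then returns false, which is the situation the reply says rules out the embedded-SCT path.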
