infra/kubernetes
1
0
Fork 0
Code Pull Requests 3 Activity
Files
5c819ef120e7f95878038dea4c0d103df9c00a2a
kubernetes/step-ca/intermediate_ca.crt
Dustin C. Hatch 3ba83373f3 step-ca: Re-deploy (again) with DCH CA R2 
Although most libraries support ED25519 signatures for X.509
certificates, Firefox does not.  This means that any certificate signed
by DCH CA R3 cannot be verified by the browser and thus will always
present a certificate error.

I want to migrate internal services that do not need certificates
that are trusted by default (i.e. they are only accessed programatically
or only I use them in the browser) back to using an internal CA instead
of the public *pyrocufflink.net* wildcard certificate.  For applications
like Frigate and UniFi Network, these need to be signed by a CA that
the browser will trust, so the ED25519 certificate is inappropriate.
Thus, I've decided to migrate back to DCH CA R2, which uses an EdDSA
signature, and can therefore be trusted by Firefox, etc.
2024-04-05 13:03:34 -05:00

14 lines
765 B
Plaintext
Raw Blame History

-----BEGIN CERTIFICATE-----
MIICCTCCAa+gAwIBAgIUZx82NjARN6f1jWUlq/mvaF7oscEwCgYIKoZIzj0EAwIw
QDELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD0R1c3RpbiBDLiBIYXRjaDEXMBUGA1UE
AwwORENIIFJvb3QgQ0EgUjIwHhcNMjMxMDE2MDU0MTA4WhcNMjYxMDE2MDU0MTA4
WjAUMRIwEAYDVQQDEwlkY2gtY2EgUjIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
AAQ1rK98igj6Y5lbeP8HS1zqQCtkcmz8uk1jp4VgznWT3Q8BanjA55UHQi/xx4xz
BYu4QIkJhtqcR5a7YXSr7fQvo4GyMIGvMB0GA1UdDgQWBBQGy1GZZxrCjGDiIGdR
YhTMZZqhkTAfBgNVHSMEGDAWgBTM+d8kb1koGmKRtJs4gN9zYa+6oTASBgNVHRMB
Af8ECDAGAQH/AgEAMAsGA1UdDwQEAwIBhjBMBggrBgEFBQcBAQRAMD4wPAYIKwYB
BQUHMAKGMGh0dHBzOi8vZHVzdGluLmhhdGNoLm5hbWUvZGNoLWNhL2RjaC1yb290
LWNhLmNydDAKBggqhkjOPQQDAgNIADBFAiEAovkqUlWkbRXsoHrDv1AfHdox9gS2
Fdq9wKfDk7H/aPoCIDs4CJBhdPh/a+HZZRQWxBTT3KbbdXAaiT+g/VyD+0qt
-----END CERTIFICATE-----
View Git Blame Copy Permalink