Dustin C. Hatch
3ba83373f3
Although most libraries support ED25519 signatures for X.509 certificates, Firefox does not. This means that any certificate signed by DCH CA R3 cannot be verified by the browser and thus will always present a certificate error. I want to migrate internal services that do not need certificates that are trusted by default (i.e. they are only accessed programatically or only I use them in the browser) back to using an internal CA instead of the public *pyrocufflink.net* wildcard certificate. For applications like Frigate and UniFi Network, these need to be signed by a CA that the browser will trust, so the ED25519 certificate is inappropriate. Thus, I've decided to migrate back to DCH CA R2, which uses an EdDSA signature, and can therefore be trusted by Firefox, etc.
23 lines
2.4 KiB
YAML
23 lines
2.4 KiB
YAML
apiVersion: bitnami.com/v1alpha1
|
|
kind: SealedSecret
|
|
metadata:
|
|
name: step-ca
|
|
namespace: step-ca
|
|
labels:
|
|
app.kubernetes.io/name: step-ca
|
|
app.kubernetes.io/component: step-ca
|
|
app.kubernetes.io/instance: step-ca
|
|
app.kubernetes.io/part-of: step-ca
|
|
spec:
|
|
encryptedData:
|
|
intermediate_ca.key: AgBArqvWXQHJwubw/7jOBtErH4BNpq+B1nsoTuhsmmE7COhRROko9wwYcfLfeJHkul1uXmp6JNmAde2xs6uJlbHwTDIRlUld2tAo2O20PHaDNq8/poqkk7LNnvjbwC73tul+Gxiot8WEfFM4eP98wYHePrX6q0/LAzyH/6Js8YgBKzLt4sIRi5E49m0C2s9uy5u1e3DcHNZTIlkntYi8zNmk+QEBHkqkeqvdGZ+yqH5e78AasF4qPfKw7WoFm3PH2/tKRfDpBXfvdTxrRy9FzqmmhdGVmbaeQcJ+Yl8H6qNd1BiqpAPkIDwAC9/LfH4Sd/iM59TdeOKsZpvEJZOyWLm1KbJz13wPfnGs/QvArwtuA95UQfzPYGFx9qur/nz3nsBvTvqFyAU+QHGSOnjig5ZppIb+Yr9foWuSqDV0qcfXEdjLzyc19lzS1e+itRLR1414Maaru4poPcg7xUQCs88oGvYAUi27p8xRXynGXtZwTK/GSWXFGxkzw1DtVcbGa/P23sCSnMLOsrajvvJYD2aCHZ6fKSUT+tddCoZhohM112uA6wNWBUx00uFgWUGZloe6MPVHnCStAwBxClXi+pREnSEk091nuSYzsTZarweUOJs8tLO2g2bEQ2BQCsCMbkNLjc6SSJa+Lu2Yb7uCUdwbLAZDf289f8SGmzsf/C7/Xbcmu0smrf5bb6ZUnacrWtCgrnPRJNMSXCY51awo3cj9c3X/v6pQVbjj+fTxDUIIaI9OcfvPJksapgsR8Olqffi8SlN3fvETOmVGVNAK11xy7qMmpz9Fck3z93NXUDNHMxteVic+8aHZgwv4wh+ixMldtCBiGWciavKWd7APSQjyvDwT4tTIi7QWa78+CBz/0Z3eDwDUHt5ryXlWeYRufrOTsGQJ9cfQgr8STgC00oghUaAtZ8y3cIOdVrwDCe1Yi9Dp2KlxzLLa+zYdagbmb8ygOZg65yW0Oy3q+sD1MSkrUQi/RDPjRB8kF+4t2MIZ00jQ7geIkhnh3TvislEqHbV5ZjKBZ2Gw4An+q4CB4EtM0DYKGGw7xvPyCqvs9E7WzSxyGL8+dNkEw/jASoHwJcufaXDXFgENuLn7OyCpsMMBZYti+V9SIOTNOQ==
|
|
password: AgAnwKicJ7yut9B3J22XYdqzGzHxh3kXCAozIZu9v1IxSTWb1txkF1aJM64ooog/IpUtoF88v6XzGTDDsAsbXtQbu7Y2s77zQXIOIj+Vri2kZAQyRdCDa70heUdPxo9haIizZvtJHH+dRxVqQ+YSXpPlbLag46RMvMHlUZjbPLxwTrOWVwHW2uVJJke7RiB99z1xOIV8nlD0NjdH9Ig1pnUikm4+GfiZBw/PjieYbjk5U8IABBfx1jjJPLFk2TlzsCyz8JyGr+Gf8DvCxRS43Wwtbn0ks2aFn/eZBMHK+XatjImtYSNUa4eIbjHD1RdQ03yZy83D8LdpYMl+z3PLYLrdIDkv7VBT875KjHoYGIMdjSkuNHuooOcdyJrN7bMRpODfzTXREoiY+4p1wHbLlOXOubxY/ULV6FAIMe9RSWVhmWMxV1INYwZuoNUr2pa29rBrIinF8Hc5Kcr2lhEZ9kpnrkC4MFpMjdW7QsOhpFnW2hIE2xWXc/vZgQ6q+8jJrMQwwrGcn+CEaFTSoVsXYaBwUnsOzMCNyHaNfyX03eQE9wNlXz0dppGoHJpb5ny+fviMhFS6kEXiieElRaTL8erGr0Ivtn+St5RaqD8mDpP36YrQ8YWpTMoyLSllRG4X1hiCorcjevZq2pJuP5+hs0HhtVW9vZS3iLGzHzjqyMJDvlml6Xd+AyvoylC38uncivF8NtHhIoeAgzlOZjYRxodPkLxAOfoVTlCzMexH+fsShwM=
|
|
template:
|
|
metadata:
|
|
name: step-ca
|
|
namespace: step-ca
|
|
labels:
|
|
app.kubernetes.io/name: step-ca
|
|
app.kubernetes.io/component: step-ca
|
|
app.kubernetes.io/part-of: step-ca
|