Skip to content

Let the step-ca server use different certificate types itself #1350

New issue
New issue
Open
Open
Let the step-ca server use different certificate types itself#1350
Labels
enhancementneeds triageWaiting for discussion / prioritization by team
Milestone
v0.29.1
@MacWeber

Description

@MacWeber
MacWeber
opened on Apr 16, 2023

Hello!

  • Vote on this issue by adding a 👍 reaction
  • If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

From a past discussion:

Currently, the certificate for the step-ca server (HTTPS) cannot be changed, and it always uses an ECDSA P-256 key.

It would be really interesting to let the the users choose which certificate type the CA uses.

Why is this needed?

Some users may not consider P-256 the safest choice, then they may be willing to use a different certificate for the CA itself.
The certificate would make more sense if using the same type as the intermediate. If not, then the user should be allowed to decide which certificate certificate type the the step-ca server will use.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementneeds triageWaiting for discussion / prioritization by team

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions