Secret Generator: Implement core module for TLS certificate and key generator
Summary
Another piece of the Secret Generator core module: a secret generator for a self-signed TLS certificate and key. It is used to generate Secrets for self-signed TLS certificates.
The TLS certificate and key generator accepts four parameters:
- The algorithm used to generate the key pair, for example RSA, ECDSA, or ED25519.
- The size of the key. The exact interpretation and range of valid values depend on the algorithm. For example, RSA keys use this parameter as the bit size, while ECDSA uses it as the bit size of the elliptic curve (e.g. 224, 256, 384, and 521) and ED25519 ignores it.
- The validity date range, which specifies the start and end timestamps between which the TLS certificate is valid.
- The subject, which is the X.509 certificate subject. For a self-signed certificate this is also the issuer.
Acceptance criteria
- An implementation of a secret generator for a self-signed TLS certificate and key that supports at least the RSA, ECDSA, and ED25519 algorithms.
Further work
- This secret generator can also accept a list of domain names or IP addresses so that the certificate can be used to identify specific hosts. This list is used by the SNI extension.
Edited by Hossein Pursultani
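The generator described in this issue, as an added example in Go using only the standard library; it is not code from the issue or from the project. The function name `Generate`, its signature, the DER output format, the key-usage settings and the `example.internal` subject are assumptions made for illustration.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Generate (illustrative name, not the project's API) returns DER for a self-signed certificate and its PKCS#8 key.
func Generate(alg string, size int, from, to time.Time, subj pkix.Name) (certDER, keyDER []byte, err error) {
	var key crypto.Signer
	curves := map[int]elliptic.Curve{224: elliptic.P224(), 256: elliptic.P256(), 384: elliptic.P384(), 521: elliptic.P521()}
	switch {
	case !to.After(from):
		err = errors.New("validity range is empty or reversed")
	case alg == "RSA": // size is the modulus length in bits
		key, err = rsa.GenerateKey(rand.Reader, size)
	case alg == "ECDSA" && curves[size] != nil: // size selects the curve
		key, err = ecdsa.GenerateKey(curves[size], rand.Reader)
	case alg == "ED25519": // size is ignored
		_, key, err = ed25519.GenerateKey(rand.Reader)
	default:
		err = fmt.Errorf("unsupported algorithm or key size: %s/%d", alg, size)
	}
	serial, serr := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	if err = errors.Join(err, serr); err != nil {
		return nil, nil, err
	}
	t := &x509.Certificate{SerialNumber: serial, Subject: subj, NotBefore: from, NotAfter: to,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	if certDER, err = x509.CreateCertificate(rand.Reader, t, t, key.Public(), key); err != nil { // t is template and parent: issuer == subject
		return nil, nil, err
	}
	keyDER, err = x509.MarshalPKCS8PrivateKey(key)
	return certDER, keyDER, err
}

func main() {
	_, _, err := Generate("ED25519", 0, time.Now(), time.Now().Add(24*time.Hour), pkix.Name{CommonName: "example.internal"}) // constructed subject
	fmt.Println("generated ED25519 certificate, error:", err)
}
```

Where a PEM pair is expected, wrap the two DER outputs in `CERTIFICATE` and `PRIVATE KEY` PEM blocks.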