Stefan Eissing on Nostr: How Apache ACME (mod_md) gets you a new certificate: 1. all ACME communication is ...
How Apache ACME (mod_md) gets you a new certificate:
1. all ACME communication is done as unprivileged user
2. all certificates from the CA are parsed as unprivileged user before storing them
3. activation, as privileged user, parses again before replacing production as a last fail safe.
Since 2017.
Typical over-engineering. What are the chances a CA sends you a borked file?
Published at 2024-07-22 09:12:39

Event JSON
{
"id": "a7841cd28787fa597832c51a365c75335aa18bc6ae3d60399e18fefd1b87f984",
"pubkey": "f173ca7ed8f3adf61d35abb4915401c1d01b59463e62ab7afdac428612559580",
"created_at": 1721639559,
"kind": 1,
"tags": [
[
"proxy",
"https://chaos.social/users/icing/statuses/112829370177074835",
"activitypub"
]
],
"content": "How Apache ACME (mod_md) gets you a new certificate:\n\n1. all ACME communication are done as unprivileged user\n2. all certificates from the CA are parsed as unpriviledged user before storing them\n3. activation, as priviledged user, parses again before replacing production as a last fail safe.\n\nSince 2017.\n\nTypical over-engineering. What are the chances a CA sends you a borked file?",
"sig": "7e5205e13d70e9920e8d4bc2ab0727deca6379b972a15327aeda05570fb877dada59fd95073f8e9aff0df95bb0d5c67365314914b431543663136c2a690b5c48"
}
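The three steps from the post, as an added Python sketch for POSIX systems (not mod_md's code and not from the author): CA output is parsed in a forked child that can drop privileges, stored in staging only if that parse succeeds, and parsed again before it atomically replaces the live file. `parse_cert` is a stand-in that checks only PEM framing and the outer DER length; the function names, the `drop_uid` parameter and the sample PEM strings are assumptions constructed for illustration.

```python
import os, ssl

# Constructed samples, not real certificates: a 5-byte DER SEQUENCE and a truncated copy.
GOOD_PEM = "-----BEGIN CERTIFICATE-----\nMAMCAQA=\n-----END CERTIFICATE-----\n"
BAD_PEM = "-----BEGIN CERTIFICATE-----\nMAMCAQ==\n-----END CERTIFICATE-----\n"

def parse_cert(pem):
    """Stand-in parser (assumption): PEM framing plus outer DER SEQUENCE length."""
    der = ssl.PEM_cert_to_DER_cert(pem)       # ValueError on bad framing or base64
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    n, off = der[1], 2
    if n & 0x80:                              # long-form length: next k bytes hold it
        k = n & 0x7F
        if k == 0 or len(der) < 2 + k:
            raise ValueError("bad DER length field")
        n, off = int.from_bytes(der[2:2 + k], "big"), 2 + k
    if off + n != len(der):
        raise ValueError("DER length does not match payload")
    return der

def parse_unprivileged(pem, drop_uid=None):
    """Parse in a forked child; when started as root, pass drop_uid to shed privileges."""
    pid = os.fork()
    if pid == 0:                              # child: a parser crash stays in here
        try:
            if drop_uid is not None:          # failing to drop counts as failure
                os.setgroups([]); os.setgid(drop_uid); os.setuid(drop_uid)
            parse_cert(pem)
            os._exit(0)
        except Exception:
            os._exit(1)
    _, status = os.waitpid(pid, 0)
    return os.WIFEXITED(status) and os.WEXITSTATUS(status) == 0

def stage(pem, staging_path, drop_uid=None):
    """Steps 1-2: store CA output only after the unprivileged parse succeeds."""
    if not parse_unprivileged(pem, drop_uid):
        return False
    with open(staging_path, "w") as f:
        f.write(pem)
    return True

def activate(staging_path, live_path):
    """Step 3: the privileged side parses again, then swaps atomically."""
    try:
        with open(staging_path) as f:
            parse_cert(f.read())
    except (OSError, ValueError):
        return False                          # live file is left untouched
    os.replace(staging_path, live_path)
    return True
```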