weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Bundle the CA public key in issued certificate

Browse Source 
If the CA used is only an intermediate CA, and the root CA is trusted by
the client, the client needs help verifying the certificate chain.
This commit is contained in:
William Johansson 2018-02-18 21:28:22 +01:00
parent e1aa30e467
commit 6ff1746898
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pkg/issuer/ca/issue.go
View File

@ -151,5 +151,12 @@ func signCertificate(crt *v1alpha1.Certificate, issuerCert *x509.Certificate, pu
if err != nil {
return nil, nil, fmt.Errorf("error encoding certificate PEM: %s", err.Error())
}
// bundle the CA
err = pem.Encode(pemBytes, &pem.Block{Type: "CERTIFICATE", Bytes: issuerCert.Raw})
if err != nil {
return nil, nil, fmt.Errorf("error encoding issuer cetificate PEM: %s", err.Error())
}
return pemBytes.Bytes(), cert, err
}