From 89dc8d1be022a3029eeff9a0e13cec061817e806 Mon Sep 17 00:00:00 2001
From: Arjan H
Date: Sun, 8 Nov 2020 09:24:01 +0100
Subject: [PATCH] Default (first) issuer must be RSA when using CFSSL
---
 gui/certificate.go | 6 ++++--
 gui/main.go | 9 ++++++---
 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/gui/certificate.go b/gui/certificate.go
index 6a4f408..5140d2b 100644
--- a/gui/certificate.go
+++ b/gui/certificate.go
@@ -45,8 +45,10 @@ func (ci *CertificateInfo) Initialize() {
 ci.KeyTypes["rsa4096"] = "RSA-4096"
 ci.KeyTypes["rsa3072"] = "RSA-3072"
 ci.KeyTypes["rsa2048"] = "RSA-2048"
- ci.KeyTypes["ecdsa384"] = "ECDSA-384"
- ci.KeyTypes["ecdsa256"] = "ECDSA-256"
+ if ci.IsRoot {
+ ci.KeyTypes["ecdsa384"] = "ECDSA-384"
+ ci.KeyTypes["ecdsa256"] = "ECDSA-256"
+ }
 ci.KeyType = "rsa4096"
 }
diff --git a/gui/main.go b/gui/main.go
index 41da3db..4356690 100644
--- a/gui/main.go
+++ b/gui/main.go
@@ -1363,7 +1363,9 @@ func _certCreate(w http.ResponseWriter, r *http.Request, certBase string, isRoot
 return false
 }
- ci := &CertificateInfo{}
+ ci := &CertificateInfo{
+ IsRoot: r.Form.Get("cert") == "root",
+ }
 ci.Initialize()
 ci.IsRoot = r.Form.Get("cert") == "root"
 ci.CreateType = r.Form.Get("createtype")
@@ -1630,8 +1632,9 @@ func _helptext(stage string) template.HTML {
 "you can either generate a fresh certificate or import an existing one, as long as it is signed by\n",
 "the Root CA from the previous step.
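Review bot: Nothing in the `Initialize` hunk rejects an ECDSA key type for an issuer; the `if ci.IsRoot` guard only removes the entries from `ci.KeyTypes`, which limits what the form offers. If the create path (not visible here) does not already check the posted key type against that map, an ECDSA issuer can still be requested and the CFSSL limitation named in the subject surfaces later, so a server-side check such as `if _, ok := ci.KeyTypes[ci.KeyType]; !ok { /* reject */ }` before key generation would enforce the rule. `Initialize` now also relies on `IsRoot` being set before it is called, which deserves a comment such as `// IsRoot must be set before Initialize: it decides whether ECDSA key types are offered.`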
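Review bot: In the `_certCreate` hunk `IsRoot` is derived from the request field `cert` rather than from the `isRoot` argument visible in the truncated signature, so the RSA-only restriction for issuers depends on a client-supplied value. If `isRoot` is the server-side flag for the current setup step (its type and use are outside the hunk), `IsRoot: isRoot,` would be the more robust source. The unchanged context line `ci.IsRoot = r.Form.Get("cert") == "root"` after `ci.Initialize()` is now redundant and can be dropped. The body of `_certCreate` begins before and continues after this hunk.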

\n", "

If you want to generate a certificate, by default the same key type and strength is selected as\n",
- "was chosen in the previous step when generating the root, but you may choose a different one. By\n",
- "default the common name is the same as the CN for the Root CA, minus the word 'Root'.

"))
+ "was chosen in the previous step when generating the root (except that the issuer certificate cannot\n",
+ "be ECDSA due to a limitation in the Let's Encrypt implementation), but you may choose a different\n",
+ "one. By default the common name is the same as the CN for the Root CA, minus the word 'Root'.

"))
 } else {
 return template.HTML("")
 }