Project

General

Profile

Feature #9843

allow to generate cert/csr with ECDSA key

Added by Viktor Gurov 4 months ago. Updated 4 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Certificates
Target version:
Start date:
10/23/2019
Due date:
% Done:

100%

Estimated time:

Description

Add ability to generate certificates/CSRs with ECDSA keys.

Screenshot from 2019-10-23 11-47-52.png (39.4 KB) Screenshot from 2019-10-23 11-47-52.png interface screenshot Viktor Gurov, 10/23/2019 03:49 AM

Associated revisions

Revision c3cda38e (diff)
Added by Jim Pingle 4 months ago

Change default ECSDA curve to prime256v1. Issue #9843

Previous default was brainpool, but brainpool curves are not (widely?)
supported by browsers and were deprecated by IETF for TLS v1.3

Revision cffcf9bf (diff)
Added by Jim Pingle 4 months ago

GUI improvements for ECDSA certificate handling

  • Make central functions to check and test ECDSA compatibility. Issue #9843
  • Filter incompatible certificates from being offered for the GUI or Captive Portal. Implements #9897
  • Do the same for IPsec, which implements #4991
  • Add a check for key type when generating ipsec.secrets to allow ECDSA certs to work in IPsec for issue #4991

Note that as of this moment, the following curves are known to be compatible:
HTTPS (GUI, Captive Portal): prime256v1, secp384r1
IPsec: prime256v1, secp384r1, secp521r1

Results may vary in other areas which are not yet well-tested, and in packages.

History

#2 Updated by Jim Pingle 4 months ago

  • Status changed from New to Pull Request Review
  • Assignee set to Jim Pingle

#3 Updated by Jim Pingle 4 months ago

  • Target version set to 2.5.0

#4 Updated by Jim Pingle 4 months ago

  • Status changed from Pull Request Review to Feedback
  • % Done changed from 0 to 100

PR has been merged

#5 Updated by Viktor Gurov 4 months ago

Jim Pingle wrote:

PR has been merged

Tested on 2.5.0.a.20191109.1723

Resolved

#6 Updated by Jim Pingle 4 months ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF