Adding some Dev Roots to Testflume

ndunbar · August 14, 2020, 1:59pm

Hi all,

Was just wondering what the process is to add a couple of Dev roots into the TestFlume trusted roots? From examining other messages it looks like PM’ing the roots to the correct personnel was the way to proceed, but my information may be woefully out of date.

Any advice would be gratefully received.

Thanks,

Neil

ndunbar · August 27, 2020, 6:59am

Any more ideas on this?

_az · August 27, 2020, 8:24am

The CT page suggests using email, but I couldn't tell you which address they mean:

Contact us via email about adding new root certificates to our logs if yours has not been included.

@Phil are you able to assist?

ndunbar · August 27, 2020, 10:24am

Yeah - I figured that the advice was simply out of date and this forum is the preferred method of enquiry.

Phil · August 27, 2020, 2:02pm

Hi @_az and @ndunbar,

Contacting us via email for root certification inclusions is our preferred method.

Instead of using the Testflume log in your development workflow, have you considered using a mock CT log such as our ct-test-srv which has support for RFC 6962 /ct/v1/add-chain and /ct/v1/add-pre-chain endpoints? Let me know if you have any questions getting that deployed.

We would be happy to add your staging CA and production CA though.

ndunbar · August 27, 2020, 2:35pm

OK - so what email address for root cert inclusions is preferred (PM me if this address shouldn’t be disclosed on the forum)?

Regarding development, we do have an internal dev log, but it’s always nice to be able to test quorum, latency et al on different logs.

Our production CA certs are already in Oak (and presumably Testflume), but it might be good to add our staging CAs too. If you let me know the email address, I’ll take that further.

Neil

Phil · August 27, 2020, 3:53pm

@ndunbar

Feel free to email security@ and we’ll get you sorted.

Phil · August 27, 2020, 5:25pm

@ndunbar

Your test roots have been added to Testflume.

$ for i in $(curl -s https://testflume.ct.letsencrypt.org/2020/ct/v1/get-roots | jq -r '.certificates[]'); do base64 -d <<< "${i}" | openssl x509 -inform der -noout -issuer -serial; done | egrep -iB1 '(92A664E4ECF8DAFF|8BAAA0EB9AC53E42)'
issuer=C = PA, ST = Panama, L = Panama City, O = Test TrustCor Systems S. de R.L., OU = TrustCor Certification Authority, CN = Test TrustCor RootCert CA-1
serial=92A664E4ECF8DAFF
issuer=C = PA, ST = Panama, L = Panama City, O = Test TrustCor Systems S. de R.L., OU = TrustCor Certification Authority, CN = Test TrustCor RootCert CA-2
serial=8BAAA0EB9AC53E42

Happy issuance!

system · September 26, 2020, 5:25pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.