Adding some Dev Roots to Testflume

Hi all,

Was just wondering what the process is to add a couple of Dev roots into the TestFlume trusted roots? From examining other messages it looks like PM’ing the roots to the correct personnel was the way to proceed, but my information may be woefully out of date.

Any advice would be gratefully received.

Thanks,

Neil

Any more ideas on this?

The CT page suggests using email, but I couldn’t tell you which address they mean:

Contact us via email about adding new root certificates to our logs if yours has not been included.

@Phil are you able to assist?

1 Like

Yeah - I figured that the advice was simply out of date and this forum is the preferred method of enquiry.

Hi @_az and @ndunbar,

Contacting us via email for root certification inclusions is our preferred method.

Instead of using the Testflume log in your development workflow, have you considered using a mock CT log such as our ct-test-srv which has support for RFC 6962 /ct/v1/add-chain and /ct/v1/add-pre-chain endpoints? Let me know if you have any questions getting that deployed.

We would be happy to add your staging CA and production CA though.

OK - so what email address for root cert inclusions is preferred (PM me if this address shouldn’t be disclosed on the forum)?

Regarding development, we do have an internal dev log, but it’s always nice to be able to test quorum, latency et al on different logs.

Our production CA certs are already in Oak (and presumably Testflume), but it might be good to add our staging CAs too. If you let me know the email address, I’ll take that further.

Neil

@ndunbar

Feel free to email security@ and we’ll get you sorted.

@ndunbar

Your test roots have been added to Testflume. :evergreen_tree:

$ for i in $(curl -s https://testflume.ct.letsencrypt.org/2020/ct/v1/get-roots | jq -r '.certificates[]'); do base64 -d <<< "${i}" | openssl x509 -inform der -noout -issuer -serial; done | egrep -iB1 '(92A664E4ECF8DAFF|8BAAA0EB9AC53E42)'
issuer=C = PA, ST = Panama, L = Panama City, O = Test TrustCor Systems S. de R.L., OU = TrustCor Certification Authority, CN = Test TrustCor RootCert CA-1
serial=92A664E4ECF8DAFF
issuer=C = PA, ST = Panama, L = Panama City, O = Test TrustCor Systems S. de R.L., OU = TrustCor Certification Authority, CN = Test TrustCor RootCert CA-2
serial=8BAAA0EB9AC53E42

Happy issuance!