I’m using staging server (aka Happy Hacker CA) to get certs for our staging environment. I would like to monitor them (we have valid certs on our staging platform), and not use production CA for this.
For our current certs, we use a custom CA that we import in the browser and in the CA store on the server. Is it possible to get the Happy Hacker CA somewhere to import it? I looked at the boulder directory in the letsencrypt githup repo, but it doesn’t seem to be the same CA
You can obtain it from http://cert.staging-x1.letsencrypt.org/ in DER format. That said, the Happy Hacker signing key for the staging network is in no way protected, it’s in fact distributed with Boulder’s source code, so beware.
I know there are plans to generate a new staging cert chain (with intermediates) so that staging can submit to test CT logs, but I don’t believe it’s a high priority.
It sounds like you’re doing the right thing: Importing the CA cert for staging into a browser that is only used for CI testing.
Just to be clear for anyone else visiting this thread: Do not import the staging CA into any browser you actually use to surf the web. It will allow anyone to trivially MITM you.