Must-Staple certificate on staging?

2 days ago, Must-Staple support was added to the master branch and 20 hours ago, the master branch was pulled into the staging branch. (And boulder is already sporting this commit: Boulder=( +d08ec6a Wed Feb 17 20:48:12 UTC 2016)

So, I thought, let’s generate a certificate with the Must-Staple feature in it! This, with the following command to generate the CSR:

openssl req -new -sha256 -key ../keys/ -subj "/" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\\n1.")) -out

At the moment I’m still running OpenSSL 1.0.2, so no official support for RFC 7633. Therefore, the feature is hard-coded into the CSR…

Unfortunately, Boulder generates an “Internal server error” (or something)… See my issue @ GitHub

Has anyone already experimented with the Must-Staple extension?

1 Like