-
|
In order to use leaf certificates issued by step ca for mTLS in a particular IoT application the certificates cannot have extraneous extensions like X509v3 Step Provisioner. Is there a way to configure step ca to not issue leaf certificates with this extension? For example the Arduino MKR Wifi 1010 board has an ATECC508A cryptographic authentication chip which has hardware based certificate storage for client certificates. However due to the storage limitations of the chip the certificates are deconstructed into a compressed form for storage, where known values like subject fields are stripped and stored separately. Certificates issued via step ca with the Step Provisioner extension cannot be used as a drop-in in this application. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Right now there's it's not possible to create a certificate without that extension. I'll create an issue from this discussion so we can discuss it in our next triage meeting. |
Beta Was this translation helpful? Give feedback.
-
|
Moved to #620 |
Beta Was this translation helpful? Give feedback.
Right now there's it's not possible to create a certificate without that extension. I'll create an issue from this discussion so we can discuss it in our next triage meeting.