Access Intermediate with http/insecureAddress #2145

rphlwnk · 2025-01-21T08:30:19Z

Is there a way to access the intermediates.pem or roots.pem through the insecureAddress?

I only get the files when accessing it through https, when I try accessing it through the insecureAddress i get an 404.

My ca.json looks like that

"address": ":4443",
"insecureAddress": ":8080",
"dnsNames": [
                "127.0.0.1",
        ],

When i try accessing it directly on the Server

curl http://127.0.0.1:8080/intermediates.pem
404 page not found

curl https://127.0.0.1:4443/intermediates.pem
-----BEGIN CERTIFICATE-----
MIIG+TCCBeGgA.....

The text was updated successfully, but these errors were encountered:

hslatman · 2025-01-21T13:25:37Z

Hi @rphlwnk, at the moment we don't serve the intermediate or root through HTTPS. The reason for this is that to be able to trust the response, we rely on TLS. We currently don't have another way to ascertain that a set of intermediates retrieved via HTTP is the expected set of certificates.

It is unlikely that we'll add support for it, because we'd rather have people bootstrap trust with the CA, and then use HTTPS wherever possible.

hslatman self-assigned this Jan 21, 2025

hslatman closed this as completed Jan 27, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Access Intermediate with http/insecureAddress #2145

Access Intermediate with http/insecureAddress #2145

rphlwnk commented Jan 21, 2025

hslatman commented Jan 21, 2025 •

edited

Loading

Access Intermediate with http/insecureAddress #2145

Access Intermediate with http/insecureAddress #2145

Comments

rphlwnk commented Jan 21, 2025

hslatman commented Jan 21, 2025 • edited Loading

hslatman commented Jan 21, 2025 •

edited

Loading