Questions about certificates in OpenBMC

Lei Yu yulei.sh at bytedance.com
Mon Aug 30 15:27:25 AEST 2021


This email is about several questions related to certificates
including bmcweb and phosphor-certificate-manager.

The background:
* When bmcweb starts from fresh, it generates a self-signed server
certificate including private key, in /etc/ssl/certs/https/server.pem
* phosphor-certificate-manager seems to watch the above file, and
generates a .rsaprivkey.pem
* When CertificateService.GenerateCSR is called,
phosphor-certificate-manager generates the private key and CSR as
privkey.pem and domain.csr in the same directory.

The questions:
1. What is the relationship between bmcweb's server.pem and .rsaprivkey.pem?
2. When generating a CSR, why is a new private key generated? (It looks
like it's the same as .rsaprivkey.pem though)
3. When the CSR is signed, and CertificateService.ReplaceCertificate
is called, what exactly will happen for the keys/certificates?

Thanks!

-- 
BRs,
Lei YU
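
A check that bears on questions 1 and 2, as an added example that is not part of the original email and is not OpenBMC code: it uses the openssl CLI to test whether two PEM files hold the same public key. The sample files are constructed stand-ins that reuse the file names from the email; the key reuse in the sample and the `bmc.example` subject are assumptions made for the demo, not a statement of what phosphor-certificate-manager does.

```shell
# Added example: do two PEM files hold the same public key?

# spki FILE KIND -> PEM public key of FILE; KIND is key, cert or csr.
spki() {
    case "$2" in
        key)  openssl pkey -in "$1" -pubout ;;
        cert) openssl x509 -in "$1" -noout -pubkey ;;
        csr)  openssl req -in "$1" -noout -pubkey ;;
        *)    return 2 ;;
    esac 2>/dev/null
}

# same_key FILE_A KIND_A FILE_B KIND_B -> 0 same key, 1 different, 2 unreadable.
same_key() {
    a=$(spki "$1" "$2") || return 2
    b=$(spki "$3" "$4") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# make_sample DIR: constructed stand-ins using the file names from the email.
# The key reuse here is a choice made for the demo, not OpenBMC behaviour.
make_sample() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=bmc.example" \
        -keyout "$d/key.tmp" -out "$d/cert.tmp" 2>/dev/null || return 1
    cat "$d/cert.tmp" "$d/key.tmp" > "$d/server.pem"   # cert + key in one file
    rm -f "$d/cert.tmp" "$d/key.tmp"
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/.rsaprivkey.pem" 2>/dev/null || return 1
    cp "$d/.rsaprivkey.pem" "$d/privkey.pem"
    openssl req -new -key "$d/privkey.pem" -subj "/CN=bmc.example" \
        -out "$d/domain.csr" 2>/dev/null
}

# report DIR: print the comparisons the questions turn on.
report() {
    d=$1
    for pair in "server.pem cert server.pem key" \
                "server.pem cert .rsaprivkey.pem key" \
                "privkey.pem key .rsaprivkey.pem key" \
                "domain.csr csr privkey.pem key"; do
        set -- $pair
        rc=0; same_key "$d/$1" "$2" "$d/$3" "$4" || rc=$?
        case $rc in 0) r=same ;; 1) r=different ;; *) r=unreadable ;; esac
        echo "$1 ($2) vs $3 ($4): $r"
    done
}

tmp=$(mktemp -d) && make_sample "$tmp" && report "$tmp"; rm -rf "$tmp"
```

To check a real system, call `report` on the directory that holds server.pem instead of the constructed sample.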

