Issue #289: postsave command should get cert info via environment variables - certmonger

certmonger

#289 postsave command should get cert info via environment variables

Opened Mar 20, 2025 by dagwieers. Modified Mar 20, 2025

Often more than not, the certificates need to be post-processed before they can be used by applications (e.g. keytool etc.). It would help if the postsave command (often a wrapper) would have access to e.g. the location of the certificate and private key, and potentially other information that is available to Certmonger.

This would greatly enhance the functionality of postsave commands and could eventually lead to standardized wrappers for Certmonger taking care of keystore integration or necessary conversions and other nice functionality admins need to get a complete working end-to-end solution.

rcritten commented Mar 20, 2025

The trick is in identifying those things that would be relevant. Along with the PEM cert and key paths the NSS database and nickname would be needed at a minimum. Depending on what operations are done the PIN and PIN file would be needed.

A poorly written post-command script could lead to vulnerabilities and leaking of information.

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

None

Static archive. pagure.io was sunset in 2026; this is a read-only snapshot.

Fedora is sponsored by Red Hat. Learn more about the relationship between Red Hat and Fedora »

certmonger

#289 postsave command should get cert info via environment variables Opened Mar 20, 2025 by dagwieers. Modified Mar 20, 2025

Metadata

#289 postsave command should get cert info via environment variables

Opened Mar 20, 2025 by dagwieers. Modified Mar 20, 2025