Replies: 2 comments 1 reply
This comment has been hidden.
This comment has been hidden.
-
Currently, there is no support for requiring a given CN. You can use the In almost all set-ups we've seen so far, I was easier to set up a separate (small) CA for signing RAUC bundles, as any pre-existing CAs and their use was not related to update signing in any way. Why do you prefer using a 3rd party CA instead of a separate CA? |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi,
We're using a 3rd party CA to sign the bundle and we would like to avoid having the intermediate certificate in the rootfs. Hence we want to rely on the chain on trust to validate the origin of the bundle and we would provide the intermediate certificate in the update bundle.
However by doing that any update signed by this CA could be accepted by rauc and I would like to know if there's a possibility to only accept a given CN
Regards,
Sebastien
Beta Was this translation helpful? Give feedback.
All reactions