-
Hi, So what I understood so far is that the binding between the authorizing JWT and the CSR is solely based on the SANs field. Assume the SAN is something weak, i.e. generic like I'm a bit puzzled regarding this case. Thanks for any help on this, |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
Hi @daFritz84, that's a good point, but it would block some use cases where the CSR is not known beforehand. For example, if you use a configuration management system to configure a list of servers, you can generate a JWT for each server. Then, when the server is being configured, it can create a CSR and use the generated token to get a new certificate. Although a mitm attack is possible, there are some remediations in place. You also have to take into account that the JWK provisioner will only authorize CSRs that match the information in the token. However it can be a good optional improvement to add. |
Beta Was this translation helpful? Give feedback.
Hi @daFritz84, that's a good point, but it would block some use cases where the CSR is not known beforehand. For example, if you use a configuration management system to configure a list of servers, you can generate a JWT for each server. Then, when the server is being configured, it can create a CSR and use the generated token to get a new certificate.
Although a mitm attack is possible, there are some remediations in place.
step
will only trust the root certificate used at bootstrap time, and the TLS connection with that root of trust already protects you against simple attacks. A successful mitm will need to control your DNS and already have a certificate from your CA with the appropri…