[Ach] Recommendations creating CSRs

A. Schulze sca at andreasschulze.de
Tue Oct 14 22:12:06 CEST 2014

Hanno Böck:

> I wrote an article that got publised today for the german IT magazine
> Golem.de:
> http://www.golem.de/news/https-zertifikate-key-pinning-schuetzt-vor-boesartigen-zertifizierungsstellen-1410-109799.html

Hello Hanno,

your script generate a header containing two pin-sha256 values.
It suggest to take a cert and a key file for computation.
These two files produce the same pin-sha256 value here.

but your webserver generate a header with two different values !?

I read the draft and as far as I understand the intention is to provide
a current pin and a backup pin. right?

Does your script generate two equal values to fit the spec or
do I understand HPKP wrong?

Also, are you willing to share https://hboeck.de/hkp.php
or are there reference implementations?


More information about the Ach mailing list