[Ach] Recommendations creating CSRs
A. Schulze
sca at andreasschulze.de
Tue Oct 14 22:12:06 CEST 2014
Hanno Böck:
> I wrote an article that got publised today for the german IT magazine
> Golem.de:
> http://www.golem.de/news/https-zertifikate-key-pinning-schuetzt-vor-boesartigen-zertifizierungsstellen-1410-109799.html
Hello Hanno,
your script generate a header containing two pin-sha256 values.
It suggest to take a cert and a key file for computation.
These two files produce the same pin-sha256 value here.
but your webserver generate a header with two different values !?
I read the draft and as far as I understand the intention is to provide
a current pin and a backup pin. right?
Does your script generate two equal values to fit the spec or
do I understand HPKP wrong?
Also, are you willing to share https://hboeck.de/hkp.php
or are there reference implementations?
Thanks,
Andreas
More information about the Ach
mailing list