Page MenuHomePhabricator

Allow SSL certificate to be stored in Passphrase
Open, NormalPublic


We are currently using SSH key type passphrases: the description field to store the certificate and the private key goes in secret. It's not very practical as the description field is rendered with the newlines stripped on the passphrase page.

Event Timeline

swisspol raised the priority of this task from to Needs Triage.
swisspol updated the task description. (Show Details)
swisspol added a subscriber: swisspol.
chad triaged this task as Normal priority.Jul 4 2014, 5:32 AM
chad added a project: Passphrase.

Is this meaningfully different than T5398 ("block of text" credential type)? I can't think of very much we could usefully do by knowing that the credential is an SSL certificate.

I'm not sure how you plan to implement T5398, but if you wanted to properly store an SSL cert, you would really need these fields:

  • name (required)
  • description (optional)
  • cert (required)
  • cert chain (optional)
  • key (required and encrypted)

You could imaging calling OpenSSL to verify the cert too.

swisspol: what we do, which could be a workaround for you, is to store the private key in secret, and upload the certificate via /file. Files have access control as well, so you can limit access to the certificate. Then the description in passkey is something like 'Download the certificate at Fxxxx'.