Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Have webhook certificates managed by keymaster #883

Closed
7 tasks done
mooreds opened this issue Sep 21, 2020 · 2 comments
Closed
7 tasks done

Have webhook certificates managed by keymaster #883

mooreds opened this issue Sep 21, 2020 · 2 comments
Assignees
@spwitt
Labels
enhancement New feature or request
Milestone
1.48.0

Comments

@mooreds
Copy link
Collaborator

mooreds commented Sep 21, 2020
edited by robotdan
Loading

Have webhook certificates managed by keymaster

Problem

Right now I can use client cert authentication in webhooks sent by FusionAuth by pasting in a .pem file. I'd like to manage my client certs in Key Master.

Solution

Allow me to use Key Master for my client certs. Note that I can do so with the generic connector, so I think the functionality is written, just a matter of connecting it up to that view (pure speculation on my part).

Alternatives/workarounds

Continue to paste my .pem files in.

Additional context

Generic connector (where you select from managed certs):
Screen Shot 2020-09-21 at 10 10 22 AM

Webhook (where you paste in your cert):
Screen Shot 2020-09-21 at 10 10 34 AM

Related

How to vote

Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.

Documentation

  • Document specifying webhook certificates from Key Master fusionauth-site#2594
  • Document webhook.sslCertificateKeyId field on API
  • Describe behavior/interaction of sslCertificate and sslCertificateKeyId on API requests
  • PATCH request behavior (pending review)
  • Document new field in admin UI
  • Document behavior based on the Manual certificate entry toggle (the field not displayed will be erased)
  • Update screenshots for admin UI (wait for other webhook features to be merged)
  • Document webhook.sslCertificate as deprecated

Release Notes

Support specifying webhook SSL certificates from Key Master. Prior to this enhancement, if you needed to specify an SSL certificate, it had to be added to the webhook in PEM format. You may now store this certificate in Key Master and then use this same certificate between webhooks.
+
This change is backwards compatible, but the ability to manually specify X.509 certificates in PEM format on the webhook configuration has been deprecated and may be removed in the future. See the link:/docs/v1/tech/apis/webhooks[Webhook] API sslCertificateKeyId field for for additional details.
+
@robotdan
Copy link
Member

We mainly haven't done this due to compatibility issues. But perhaps we can migrate this to key master and still provide some backwards compatibility.

I think this is the last hold out to join key master... so it would be nice to get this one moved over as well.

@robotdan robotdan added the enhancement New feature or request label Sep 21, 2020
@robotdan robotdan mentioned this issue Jan 7, 2022
Open
@andrewpai andrewpai added this to the 1.48.0 milestone Jul 28, 2023
@spwitt spwitt self-assigned this Sep 7, 2023
@spwitt
Copy link

spwitt commented Sep 19, 2023

Internal

@spwitt spwitt mentioned this issue Oct 17, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@spwitt spwitt

Labels
enhancement New feature or request
Projects
FusionAuth Issues
Status: Delivered
Milestone
1.48.0
Development

No branches or pull requests
4 participants
@mooreds @robotdan @spwitt @andrewpai