No. Only the CA can put things in the certificate and then sign or re-sign it.
What you can do is send SCT’s in the TLS handshake extensions.
Only the CA who signed the certificate can add things to the certificate.
So then what you are asking is how to use the software that you have, to add those things to the certs you generate.
So then what you are asking is how to use the software that you have, to add those things to the certs you generate.
--
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/certificate-transparency/7943DB79-6B2A-4477-81F8-778B73DB2A12%40akamai.com.
For more options, visit https://groups.google.com/d/optout.
What software are you using to generate/sign those certificates?To embed SCTs, you'll need support in your software for generating pre-certificates (which aren't certificates, but just the content of what will be signed, with a special "poison" extension, to make sure they never get interpreted as a certificate), and submit those using the "add-pre-chain" API. Then you can give back the SCTs you obtained to your software to embed them in the certificate, and only *then* sign the certificate.How to do this would really depend on what exact software you're using?
On Sat, Mar 17, 2018 at 7:10 PM 'Salz, Rich' via certificate-transparency <certificate-...@googlegroups.com> wrote:
--
So then what you are asking is how to use the software that you have, to add those things to the certs you generate.
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transparency+unsub...@googlegroups.com.