Custom root CA for x.509 commit signing? #130637
Unanswered
avidal
asked this question in
Enterprise
Hi there @avidal, have you tried this: If the local client knows about the root, that same root is installed in the org, the signing cert is installed locally, the signing cert is attached to their GitHub profile, and their ssh client knows to use the cert, it could work.
@avidal - I think so? See the docs: https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification#smime-commit-signature-verification I have never done this myself, though.
Body
For Enterprise Cloud, you can upload a custom ssh root CA. Can we do the same for x.509 commit signatures to get a Verified badge using a self-signed root?
edit: I did a test myself using an Enterprise Cloud trial. The Enterprise setting for uploading your own SSH CA is very explicit about only accepting an SSH private key afaict.
GitLab supports this by allowing enterprise admins to augment the certificate trust store which applies both to SSH certificates and x.509 commit signature certificates.