Hello,
I'm using OpenXPKI, an open-source PKI that relies on Apache.
I would like to follow the spec in RFC 7030, section 3.5, which is a way for the EST server to make sure that the CSR comes from the same client with whom the TLS connection has been established (through the tls-unique channel binding). I'm able to extract this value in my Go client app through the package /tls/crypto and include it in my certificate request (CSR). My Apache server should have access to that tls-unique value too, so it can compare it to the one sent by the client (CSR).
Eventually, I would like my Apache server to expose it through an environment variable; the logic of comparing would be kept at the OpenXPKI level.
Is this achievable on Apache?
Does it also work for TLS 1.3, using tls-exporter instead?
Thanks in advance,
Mohamed
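
The channel-binding value discussed above, derived independently on both ends of a Go `crypto/tls` session (added example, not part of the original message or of OpenXPKI/Apache). It covers tls-unique for TLS 1.2 and the RFC 9266 tls-exporter for TLS 1.3, base64-encoded the way RFC 7030 section 3.5 places it in the CSR challengePassword. The helper names `binding` and `handshake` are hypothetical, and the key and certificate are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"math/big"
	"net"
)

// binding: base64 of tls-unique (TLS <= 1.2) or of the RFC 9266 tls-exporter (TLS 1.3).
func binding(cs tls.ConnectionState) (string, error) {
	raw, err := cs.TLSUnique, error(nil) // Go leaves TLSUnique nil on TLS 1.3
	if cs.Version == tls.VersionTLS13 {
		raw, err = cs.ExportKeyingMaterial("EXPORTER-Channel-Binding", nil, 32)
	}
	if err != nil || len(raw) == 0 {
		return "", fmt.Errorf("no channel binding for this session: %v", err)
	}
	return base64.StdEncoding.EncodeToString(raw), nil
}

// handshake runs one in-memory session and returns the client's and the server's view of it.
func handshake(version uint16) (cli, srv tls.ConnectionState, err error) {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	cfg := &tls.Config{MinVersion: version, MaxVersion: version, // pin a single version
		InsecureSkipVerify: true, SessionTicketsDisabled: true, // demo cert; net.Pipe is unbuffered
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	c, s := net.Pipe()
	cc, sc := tls.Client(c, cfg), tls.Server(s, cfg)
	done := make(chan error, 1)
	go func() { done <- sc.Handshake() }()
	if err = cc.Handshake(); err == nil {
		err = <-done
	}
	return cc.ConnectionState(), sc.ConnectionState(), err
}

func main() {
	for _, v := range []uint16{tls.VersionTLS12, tls.VersionTLS13} {
		c, s, _ := handshake(v)
		fmt.Println(binding(c))
		fmt.Println(binding(s))
	}
}
```

The value is per-session, so the server side has to read it from the same connection that carries the enrollment request and compare it with a constant-time comparison.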