[feature request] Support adding CRL endpoint to locally signed certificates #102

Open
m13t opened this issue Feb 9, 2021 · 1 comment


m13t commented Feb 9, 2021

The TLS provider should support the ability to set CRL and OCSP endpoints when creating locally signed (CA signed) certificates. Currently there is no way to set this using the provider, and as a result, the only way to do this would be using tools outside of Terraform such as OpenSSL CLI.

Terraform Version

Run terraform -v to show the version. If you are not running the latest version of Terraform, please upgrade because your issue may have already been fixed.

Affected Resource(s)

Please list the resources as a list, for example:

  • tls_locally_signed_cert

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

resource "tls_locally_signed_cert" "example" {
  cert_request_pem   = "${file("cert_request.pem")}"
  ca_key_algorithm   = "ECDSA"
  ca_private_key_pem = "${file("ca_private_key.pem")}"
  ca_cert_pem        = "${file("ca_cert.pem")}"

  validity_period_hours = 12

  allowed_uses = [
    "key_encipherment",
    "digital_signature",
    "server_auth",
  ]
}

Code taken from the example resource in the provider documentation.

Debug Output

N/A

Panic Output

N/A

Expected Behavior

Expect to be able to provide CRL Info similar to OpenSSL config, e.g.

crl_info {
  uris = [
    "crl1.example.com",
    "crl2.example.org",
  ]
}

Actual Behavior

Requested functionality does not currently exist.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:
N/A - Feature request

Important Factoids

Is there anything atypical about your accounts that we should know? For example: Running in EC2 Classic? Custom version of OpenStack? Tight ACLs? N/A

References

@eanselmi

+1
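
What the request amounts to at the X.509 level, as an added example (not code from this issue or from the provider): Go's `crypto/x509` certificate template carries `CRLDistributionPoints` and `OCSPServer` fields, and the program below signs a leaf under a throwaway CA with them set, then parses the result to confirm the endpoints are embedded. The helper names `must` and `signLeaf`, the subject names and the URLs are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must (hypothetical helper) aborts on any key-generation or encoding error.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// signLeaf (hypothetical name) signs a leaf under a throwaway ECDSA CA and
// returns the parsed leaf, i.e. what a relying party sees after decoding it.
func signLeaf(crlURLs, ocspURLs []string) *x509.Certificate {
	now := time.Now()
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: now, NotAfter: now.Add(24 * time.Hour),
		Subject: pkix.Name{CommonName: "Example Test CA"}, IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	caCert := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), NotBefore: now, NotAfter: now.Add(12 * time.Hour),
		Subject:               pkix.Name{CommonName: "leaf.example.com"},
		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		CRLDistributionPoints: crlURLs,  // cRLDistributionPoints extension
		OCSPServer:            ocspURLs, // OCSP entry in Authority Information Access
	}
	leaf := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafTmpl, caCert, &leafKey.PublicKey, caKey))))
	if err := leaf.CheckSignatureFrom(caCert); err != nil {
		panic(err)
	}
	return leaf
}

func main() {
	leaf := signLeaf([]string{"http://crl1.example.com/ca.crl", "http://crl2.example.org/ca.crl"}, []string{"http://ocsp.example.com"})
	fmt.Println("CRL:", leaf.CRLDistributionPoints, "OCSP:", leaf.OCSPServer)
}
```

Calling `signLeaf(nil, nil)` yields a certificate with neither extension, which is the only kind `tls_locally_signed_cert` can produce according to this issue.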
