The External Secrets Inc. Audit & Compliance product suite is a premium product. It requires a specific subscription. Contact us for more information.

Certificate Authority Verification

This policy example checks whether a certificate is issued by a trusted Certificate Authority. A resource whose certificate is not issued by a trusted Certificate Authority is non-compliant.

Policy Execution Time

This policy example should be executed on Update events.

Default Deny, Allow Case-by-Case Policy Code

package main

import rego.v1

default allow := false

# Trusted Certificate Authority, base64-encoded
ca := "base64-encoded-ca"

# Compliant when the certificate under "ca-crt" is issued by the trusted CA
allow if {
    ca_list := x509cert.issuers(input.Data["ca-crt"])
    x509cert.is_issued_by_trusted_ca(ca, ca_list)
}

# If input.Data["ca-crt"] does not exist, the policy should also be compliant
allow if {
    not input.Data["ca-crt"]
}
This policy verifies that a given certificate is issued only by a trusted Certificate Authority; a resource with no "ca-crt" entry is treated as compliant.
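The same check written in Go with crypto/x509, as an added example that is not part of the original page or of the product's x509cert built-ins: Allow mirrors the two rules above (a missing "ca-crt" entry is compliant; otherwise the certificate must chain to the trusted CA), and MakeCert generates the constructed CA and leaf certificates used to exercise it. The trusted CA is passed as PEM rather than the base64 string the policy uses, and the function and parameter names are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"math/big"
	"time"
)
// Allow mirrors the policy's two rules: compliant when the secret has no "ca-crt"
// entry, or when that entry is a PEM certificate that chains to the trusted CA.
func Allow(data map[string][]byte, trustedCAPEM []byte) bool {
	leafPEM, present := data["ca-crt"]
	if !present {
		return true // second allow rule: missing key is compliant
	}
	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM(trustedCAPEM) {
		return false // trusted CA could not be parsed: fail closed
	}
	block, _ := pem.Decode(leafPEM)
	if block == nil {
		return false // not PEM: default deny
	}
	leaf, err := x509.ParseCertificate(block.Bytes)
	if err == nil {
		_, err = leaf.Verify(x509.VerifyOptions{Roots: roots})
	}
	return err == nil
}

// MakeCert builds a constructed certificate for the demo: a self-signed CA when
// parent is nil, otherwise a leaf issued by parent. Returns cert, key and PEM.
func MakeCert(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: parent == nil, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	if parent == nil {
		parent, parentKey = tmpl, key // self-sign
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}
```

A certificate issued by any CA other than the one passed in, or a value that is not a certificate at all, falls through to the default deny.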