Mariano Cano
|
8236765e9c
|
Use only key part to generate the SubjectKeyId.
This change generates the certificate subject key identifier using
the recommended method in the RFC 5280 section 4.2.1.2.
|
2020-07-21 14:18:06 -07:00 |
|
Mariano Cano
|
cf2989a848
|
Add token and subject to K8sSA provisioner to be used in custom
templates.
|
2020-07-21 14:18:06 -07:00 |
|
Mariano Cano
|
71be83b25e
|
Add iss#sub uri in OIDC certificates.
Admin will use the CR template if none is provided.
|
2020-07-21 14:18:06 -07:00 |
|
Mariano Cano
|
9bd576af2c
|
Fix build of SANs.
|
2020-07-21 14:18:06 -07:00 |
|
Mariano Cano
|
c58117b30d
|
Allow to use base64 when defining a template in the ca.json.
|
2020-07-21 14:18:06 -07:00 |
|
Mariano Cano
|
b2ca3176f5
|
Prepend insecure to user and CR variables names.
|
2020-07-21 14:18:06 -07:00 |
|
Mariano Cano
|
69902b0153
|
For iid provisioners use only the csr name if custom sans is disabled.
The provisioner will validate the common name om a list of options.
|
2020-07-21 14:18:06 -07:00 |
|
Mariano Cano
|
b11486f41f
|
Fix option method for template variable.
|
2020-07-21 14:18:06 -07:00 |
|
Mariano Cano
|
04f5053a7a
|
Add template support for x5c.
|
2020-07-21 14:18:06 -07:00 |
|
Mariano Cano
|
eb8886d828
|
Add CR subject as iid default subject.
Add a minimal subject with just a common name to iid provisioners
in case we want to use it.
|
2020-07-21 14:18:06 -07:00 |
|
Mariano Cano
|
e60ea419cc
|
Add template support for gcp provisioner.
|
2020-07-21 14:18:06 -07:00 |
|
Mariano Cano
|
32646c49bf
|
Add templates support to Azure provisioner.
|
2020-07-21 14:18:06 -07:00 |
|
Mariano Cano
|
a44f0ca866
|
Add token payload.
|
2020-07-21 14:18:06 -07:00 |
|
Mariano Cano
|
00fd41a3d0
|
Add template support to K8sSA provisioners.
|
2020-07-21 14:18:06 -07:00 |
|
Mariano Cano
|
13b704aeed
|
Add template support for AWS provisioner.
|
2020-07-21 14:18:05 -07:00 |
|
Mariano Cano
|
49b9aa6e3f
|
Fix log string.
|
2020-07-21 14:18:05 -07:00 |
|
Mariano Cano
|
4795e371bd
|
Add back the support for ca.json DN template.
|
2020-07-21 14:18:05 -07:00 |
|
Mariano Cano
|
e6fed5e0aa
|
Minor fixes and comments.
|
2020-07-21 14:18:05 -07:00 |
|
Mariano Cano
|
81cd288104
|
Enable templates in acme provisioners.
|
2020-07-21 14:18:05 -07:00 |
|
Mariano Cano
|
e11160ebf1
|
Fix missing parenthesis.
|
2020-07-21 14:18:05 -07:00 |
|
Mariano Cano
|
a7e2ebb7d2
|
Fix creation of certificate without templates.
|
2020-07-21 14:18:05 -07:00 |
|
Mariano Cano
|
3c84453cf4
|
Move CreateTemplateData.
|
2020-07-21 14:18:05 -07:00 |
|
Mariano Cano
|
28ff122f83
|
Add certificate requests in the templates.
|
2020-07-21 14:18:05 -07:00 |
|
Mariano Cano
|
ca2fb42d68
|
Move options to the provisioner.
|
2020-07-21 14:18:05 -07:00 |
|
Mariano Cano
|
206bc6757a
|
Add initial support for templates in the OIDC provisioner.
|
2020-07-21 14:18:05 -07:00 |
|
Mariano Cano
|
534a6b6c4c
|
Add default templates for intermediate a root certificates.
|
2020-07-21 14:18:04 -07:00 |
|
Mariano Cano
|
0847af16cb
|
Fix setter of basic constraints.
|
2020-07-21 14:18:04 -07:00 |
|
Mariano Cano
|
068bafe5a3
|
Add templateData to api sign request.
|
2020-07-21 14:18:04 -07:00 |
|
Mariano Cano
|
95c3a41bf0
|
Rename UserData to TemplateData and fix unmarshaling.
|
2020-07-21 14:18:04 -07:00 |
|
Mariano Cano
|
9f3acc254b
|
Set the token payload in the JWK provisioner.
|
2020-07-21 14:18:04 -07:00 |
|
Mariano Cano
|
5a04e3b36d
|
Add methods to add data to the template data.
|
2020-07-21 14:18:04 -07:00 |
|
Mariano Cano
|
ef0ed0ff95
|
Integrate simple templates in the JWK provisioner.
|
2020-07-21 14:18:04 -07:00 |
|
Mariano Cano
|
d1d9ae42d6
|
Use certificates x509util instead of cli for certificate signing.
|
2020-07-21 14:18:04 -07:00 |
|
Mariano Cano
|
9032018cf2
|
Convert x509util.WithOptions to new modifiers.
|
2020-07-21 14:18:04 -07:00 |
|
Mariano Cano
|
dcb962bdde
|
Add TemplateData alias and some comments.
|
2020-07-21 14:18:04 -07:00 |
|
Mariano Cano
|
3ba1fbd881
|
Use local SplitSANs.
|
2020-07-21 14:18:04 -07:00 |
|
Mariano Cano
|
6eba0e0e0e
|
Simplify default template.
|
2020-07-21 14:18:04 -07:00 |
|
Mariano Cano
|
abc0a63e32
|
Add wrapper around x509.CreateCertificate.
This wrapper generates some data if needed and cleans key usages
in templates.
|
2020-07-21 14:18:04 -07:00 |
|
Mariano Cano
|
3766702de9
|
Remove empty file.
|
2020-07-21 14:18:04 -07:00 |
|
Mariano Cano
|
208c351a39
|
Add sample leaf template.
|
2020-07-21 14:18:04 -07:00 |
|
Mariano Cano
|
70c0af8200
|
Use different options to load a template from a string or file.
|
2020-07-21 14:18:04 -07:00 |
|
Mariano Cano
|
738304bc6f
|
Add support for SubjectalternativeName type.
Move code around and some fixes.
|
2020-07-21 14:18:04 -07:00 |
|
Mariano Cano
|
2556b57906
|
Add types for certificate flexibility.
This is a first implementation, not the final one.
|
2020-07-21 14:18:04 -07:00 |
|
Carl Tashian
|
c1e6c0285a
|
Merge pull request #325 from smallstep/readme-updates
README updates, round 2
|
2020-07-20 18:56:37 -05:00 |
|
Carl Tashian
|
912e298043
|
Whitelist -> Allowlist per https://tools.ietf.org/id/draft-knodel-terminology-01.html
|
2020-07-20 15:42:47 -07:00 |
|
Carl Tashian
|
ed89367fca
|
Round 2 of README updates
|
2020-07-20 14:10:36 -07:00 |
|
Mariano Cano
|
51b9867c51
|
Merge pull request #318 from nop33/getting-started-docs-fixes
Getting Started docs fixes
|
2020-07-15 13:02:47 -07:00 |
|
Ilias Trichopoulos
|
7d5552f53e
|
Fix service logs path
|
2020-07-14 08:48:43 +02:00 |
|
Ilias Trichopoulos
|
6d8b4a1b9a
|
Fix service name
|
2020-07-14 08:48:18 +02:00 |
|
Ilias Trichopoulos
|
730639d2a3
|
Fix service user name
In `ExecStart` the user used us `smallstep` so the same user should be defined in `useradd`.
|
2020-07-14 08:48:18 +02:00 |
|