Mariano Cano
8200d19894
Improve CRL implementation
...
This commit adds some changes to PR #731 , some of them are:
- Add distribution point to the CRL
- Properly stop the goroutine that generates the CRLs
- CRL config validation
- Remove expired certificates from the CRL
- Require enable set to true to generate a CRL
This last point is the principal change in behaviour from the previous
implementation. The CRL will not be generated if it's not enabled, and
if it is enabled it will always be regenerated at some point, not only
if there is a revocation.
2022-10-26 18:55:24 -07:00
Raal Goff
9fa5f46213
add minor doco, Test_CRLGeneration(), fix some issues from merge
2022-07-13 08:56:47 +08:00
max furman
4cb74e7d8b
fix linter warnings
2022-04-30 13:08:28 -07:00
Herman Slatman
d799359917
Merge branch 'master' into hs/acme-eab
2021-12-09 13:58:40 +01:00
Carl Tashian
53ebd85327
Update star gif size
2021-12-07 10:17:48 -08:00
Carl Tashian
c0255b7caa
Update star gif
2021-12-07 10:07:50 -08:00
Carl Tashian
accb0710a1
Star gif
2021-12-07 10:02:44 -08:00
Herman Slatman
a98fe03e80
Merge branch 'master' into hs/acme-eab
2021-08-27 12:50:19 +02:00
Herman Slatman
71b3f65df1
Add processing of RequireEAB through Linked CA
2021-08-07 01:33:08 +02:00
Carl Tashian
09b554f855
Merge pull request #609 from smallstep/discord
...
update gitter to discord
2021-07-21 12:24:27 -05:00
Carl Tashian
f8c137af4f
Update provisioners.md
2021-07-20 10:32:18 -05:00
Kevin Chen
9d4e6e315a
update readme page
2021-06-29 11:01:53 -07:00
Kevin Chen
2ac53f7c69
update gitter to discord
2021-06-08 09:42:20 -07:00
Carl Tashian
e305940448
Small docs cleanup
2021-05-10 15:14:29 -07:00
Carl Tashian
6f0f023d2c
Small docs cleanup
2021-05-10 14:43:05 -07:00
FibreFoX
9607691f9c
Added missing hints for running step-ca on Raspberry Pi
...
See #351 , #344 , #279
2021-05-08 22:28:22 +02:00
Carl Tashian
e50c5bc4b1
Remove pronoun
2021-04-19 12:08:42 -07:00
Austin Tucker Hall
6801cf3d05
Update provisioners.md
...
mispelling that is driving me nuts
2021-04-05 17:19:27 -05:00
Carl Tashian
4d7338f763
Merge pull request #499 from smallstep/carl/readmes
...
Update "build from source" instructions
2021-03-08 13:58:41 -08:00
Carl Tashian
35be06f4aa
Amendments to CONTRIBUTING doc
2021-03-08 13:54:55 -08:00
Carl Tashian
c67531134a
Update CONTRIBUTING.md
2021-03-02 15:33:35 -08:00
Carl Tashian
a9e52405a2
Add CGO build instructions to contributing.md
2021-03-02 15:29:09 -08:00
max furman
9cfdd2f3df
[action] change step-certificates to step-ca where possible
2021-03-02 11:58:42 -08:00
max furman
19a3cd10a1
[docs] provisioners fix attr dupe and give warning about stale docs
2020-11-18 16:57:24 -08:00
Anton Lundin
3e6137110b
Add support for using ssh-agent as a KMS
...
This adds a new KMS, SSHAgentKMS, which is a KMS to provide signing keys
for issuing ssh certificates signed by a key managed by a ssh-agent. It
uses the golang.org/x/crypto package to get a native Go implementation
to talk to a ssh-agent.
This was primarly written to be able to use gpg-agent to provide the
keys stored in a YubiKeys openpgp interface, but can be used for other
setups like proxying a ssh-agent over network.
That way the signing key for ssh certificates can be kept in a
"sign-only" hsm.
This code was written for my employer Intinor AB, but for simplicity
sake gifted to me to contribute upstream.
Signed-off-by: Anton Lundin <glance@acc.umu.se>
2020-11-04 09:06:23 +01:00
Carl Tashian
80beff6ce3
Update READMEs with links to new docs
2020-10-27 16:20:45 -07:00
Nico Domino
8aae8a6153
Update provisioners.md
...
Swapped markdown URL / Text
2020-10-25 10:52:23 +01:00
Mariano Cano
341dc1c3ea
Remove merge data.
2020-10-19 18:55:30 -07:00
Mariano Cano
6a818ebc92
Merge branch 'master' into ra-init
2020-10-19 18:53:55 -07:00
Mariano Cano
2ec0c24e98
Update docs for RA.
2020-10-19 18:43:11 -07:00
Mariano Cano
6049d42b5f
Change title to match with CAS
2020-10-19 11:30:00 -07:00
Mariano Cano
7d1686dc53
Add option to specify the AWS IID certificates to use.
...
This changes adds a new option `iidRoots` that allows a user to
define one or more certificates that will be used for AWS IID
signature validation.
Fixes #393
2020-10-13 17:51:24 -07:00
Mariano Cano
647b9b4541
Merge pull request #367 from smallstep/cas
...
Support for CAS Interface and CloudCAS
2020-10-05 18:09:01 -07:00
Carl Tashian
329f401e58
Update cas.md
...
Needed to run two commands to set up IAM roles because passing `--role` twice only uses the second value passed.
2020-09-29 15:46:53 -07:00
Carl Tashian
3f55f22b2e
Update cas.md
...
Added `--location` flag to a couple of the commands
2020-09-29 15:24:15 -07:00
Mariano Cano
7d779e12db
Change service account name.
2020-09-24 12:45:19 -07:00
Mariano Cano
52d857a302
Update CloudCAS instructions.
2020-09-24 12:43:25 -07:00
Mariano Cano
066c7ee10b
Fix iam permissions.
2020-09-24 12:37:29 -07:00
Carl Tashian
fd07e25e61
Change Gitter links to GH Discussions tab
2020-09-23 16:36:37 -07:00
Mariano Cano
42ce78ed43
Add initial docs for CAS.
2020-09-22 13:32:48 -07:00
max furman
e8c5a3b320
Document concurrency limitations in ACME server
...
- in concurrency / HA section
2020-08-07 13:48:35 -07:00
Carl Tashian
c1e6c0285a
Merge pull request #325 from smallstep/readme-updates
...
README updates, round 2
2020-07-20 18:56:37 -05:00
Carl Tashian
ed89367fca
Round 2 of README updates
2020-07-20 14:10:36 -07:00
Ilias Trichopoulos
7d5552f53e
Fix service logs path
2020-07-14 08:48:43 +02:00
Ilias Trichopoulos
6d8b4a1b9a
Fix service name
2020-07-14 08:48:18 +02:00
Ilias Trichopoulos
730639d2a3
Fix service user name
...
In `ExecStart` the user used us `smallstep` so the same user should be defined in `useradd`.
2020-07-14 08:48:18 +02:00
max furman
b5699892ad
Add github response to frequenty asked questions doc
...
- security risks of exposing the OAuth Client Secret in the output of
`step ca provisioner list`
2020-07-08 15:18:30 -07:00
mkontani
feadaa6c56
docs: fix provisioner type
...
Signed-off-by: mkontani <itoama@live.jp>
2020-06-30 04:32:42 +09:00
max furman
84d9bf86f5
Add forceCN
option in ACME provisioner doc
2020-06-26 10:42:13 -07:00
max furman
5752408618
Document the ACME, SSHPOP, X5C, and K8sSA provisioners.
...
- Fixes #266 , #293 , #294
2020-06-25 17:29:25 -07:00