Commit graph

113 commits

Author SHA1 Message Date
Mariano Cano
8200d19894
Improve CRL implementation
This commit adds some changes to PR #731, some of them are:
- Add distribution point to the CRL
- Properly stop the goroutine that generates the CRLs
- CRL config validation
- Remove expired certificates from the CRL
- Require enable set to true to generate a CRL

This last point is the principal change in behaviour from the previous
implementation. The CRL will not be generated if it's not enabled, and
if it is enabled it will always be regenerated at some point, not only
if there is a revocation.
2022-10-26 18:55:24 -07:00
Raal Goff
9fa5f46213 add minor doco, Test_CRLGeneration(), fix some issues from merge 2022-07-13 08:56:47 +08:00
max furman
4cb74e7d8b fix linter warnings 2022-04-30 13:08:28 -07:00
Herman Slatman
d799359917
Merge branch 'master' into hs/acme-eab 2021-12-09 13:58:40 +01:00
Carl Tashian
53ebd85327 Update star gif size 2021-12-07 10:17:48 -08:00
Carl Tashian
c0255b7caa Update star gif 2021-12-07 10:07:50 -08:00
Carl Tashian
accb0710a1 Star gif 2021-12-07 10:02:44 -08:00
Herman Slatman
a98fe03e80
Merge branch 'master' into hs/acme-eab 2021-08-27 12:50:19 +02:00
Herman Slatman
71b3f65df1
Add processing of RequireEAB through Linked CA 2021-08-07 01:33:08 +02:00
Carl Tashian
09b554f855
Merge pull request #609 from smallstep/discord
update gitter to discord
2021-07-21 12:24:27 -05:00
Carl Tashian
f8c137af4f
Update provisioners.md 2021-07-20 10:32:18 -05:00
Kevin Chen
9d4e6e315a update readme page 2021-06-29 11:01:53 -07:00
Kevin Chen
2ac53f7c69 update gitter to discord 2021-06-08 09:42:20 -07:00
Carl Tashian
e305940448 Small docs cleanup 2021-05-10 15:14:29 -07:00
Carl Tashian
6f0f023d2c Small docs cleanup 2021-05-10 14:43:05 -07:00
FibreFoX
9607691f9c
Added missing hints for running step-ca on Raspberry Pi
See #351, #344, #279
2021-05-08 22:28:22 +02:00
Carl Tashian
e50c5bc4b1 Remove pronoun 2021-04-19 12:08:42 -07:00
Austin Tucker Hall
6801cf3d05
Update provisioners.md
misspelling that is driving me nuts
2021-04-05 17:19:27 -05:00
Carl Tashian
4d7338f763
Merge pull request #499 from smallstep/carl/readmes
Update "build from source" instructions
2021-03-08 13:58:41 -08:00
Carl Tashian
35be06f4aa Amendments to CONTRIBUTING doc 2021-03-08 13:54:55 -08:00
Carl Tashian
c67531134a
Update CONTRIBUTING.md 2021-03-02 15:33:35 -08:00
Carl Tashian
a9e52405a2
Add CGO build instructions to contributing.md 2021-03-02 15:29:09 -08:00
max furman
9cfdd2f3df [action] change step-certificates to step-ca where possible 2021-03-02 11:58:42 -08:00
max furman
19a3cd10a1 [docs] provisioners fix attr dupe and give warning about stale docs 2020-11-18 16:57:24 -08:00
Anton Lundin
3e6137110b Add support for using ssh-agent as a KMS
This adds a new KMS, SSHAgentKMS, which is a KMS to provide signing keys
for issuing ssh certificates signed by a key managed by a ssh-agent. It
uses the golang.org/x/crypto package to get a native Go implementation
to talk to a ssh-agent.

This was primarily written to be able to use gpg-agent to provide the
keys stored in a YubiKey's openpgp interface, but can be used for other
setups like proxying a ssh-agent over network.

That way the signing key for ssh certificates can be kept in a
"sign-only" hsm.

This code was written for my employer Intinor AB, but for simplicity's
sake gifted to me to contribute upstream.

Signed-off-by: Anton Lundin <glance@acc.umu.se>
2020-11-04 09:06:23 +01:00
Carl Tashian
80beff6ce3 Update READMEs with links to new docs 2020-10-27 16:20:45 -07:00
Nico Domino
8aae8a6153
Update provisioners.md
Swapped markdown URL / Text
2020-10-25 10:52:23 +01:00
Mariano Cano
341dc1c3ea Remove merge data. 2020-10-19 18:55:30 -07:00
Mariano Cano
6a818ebc92 Merge branch 'master' into ra-init 2020-10-19 18:53:55 -07:00
Mariano Cano
2ec0c24e98 Update docs for RA. 2020-10-19 18:43:11 -07:00
Mariano Cano
6049d42b5f
Change title to match with CAS 2020-10-19 11:30:00 -07:00
Mariano Cano
7d1686dc53 Add option to specify the AWS IID certificates to use.
This change adds a new option `iidRoots` that allows a user to
define one or more certificates that will be used for AWS IID
signature validation.

Fixes #393
2020-10-13 17:51:24 -07:00
Mariano Cano
647b9b4541
Merge pull request #367 from smallstep/cas
Support for CAS Interface and CloudCAS
2020-10-05 18:09:01 -07:00
Carl Tashian
329f401e58
Update cas.md
Needed to run two commands to set up IAM roles because passing `--role` twice only uses the second value passed.
2020-09-29 15:46:53 -07:00
Carl Tashian
3f55f22b2e
Update cas.md
Added `--location` flag to a couple of the commands
2020-09-29 15:24:15 -07:00
Mariano Cano
7d779e12db Change service account name. 2020-09-24 12:45:19 -07:00
Mariano Cano
52d857a302 Update CloudCAS instructions. 2020-09-24 12:43:25 -07:00
Mariano Cano
066c7ee10b Fix iam permissions. 2020-09-24 12:37:29 -07:00
Carl Tashian
fd07e25e61 Change Gitter links to GH Discussions tab 2020-09-23 16:36:37 -07:00
Mariano Cano
42ce78ed43 Add initial docs for CAS. 2020-09-22 13:32:48 -07:00
max furman
e8c5a3b320 Document concurrency limitations in ACME server
- in concurrency / HA section
2020-08-07 13:48:35 -07:00
Carl Tashian
c1e6c0285a
Merge pull request #325 from smallstep/readme-updates
README updates, round 2
2020-07-20 18:56:37 -05:00
Carl Tashian
ed89367fca Round 2 of README updates 2020-07-20 14:10:36 -07:00
Ilias Trichopoulos
7d5552f53e Fix service logs path 2020-07-14 08:48:43 +02:00
Ilias Trichopoulos
6d8b4a1b9a Fix service name 2020-07-14 08:48:18 +02:00
Ilias Trichopoulos
730639d2a3 Fix service user name
In `ExecStart` the user used is `smallstep` so the same user should be defined in `useradd`.
2020-07-14 08:48:18 +02:00
max furman
b5699892ad Add github response to frequently asked questions doc
- security risks of exposing the OAuth Client Secret in the output of
  `step ca provisioner list`
2020-07-08 15:18:30 -07:00
mkontani
feadaa6c56
docs: fix provisioner type
Signed-off-by: mkontani <itoama@live.jp>
2020-06-30 04:32:42 +09:00
max furman
84d9bf86f5 Add forceCN option in ACME provisioner doc 2020-06-26 10:42:13 -07:00
max furman
5752408618 Document the ACME, SSHPOP, X5C, and K8sSA provisioners.
- Fixes #266, #293, #294
2020-06-25 17:29:25 -07:00