alexvanin/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity
2437 commits 34 branches 199 tags 41 MiB
Commit graph

2437 commits

This branch
This branch
All branches
Author SHA1 Message Date
Mariano Cano
f7542a5bd9 Move check of ssh revocation from provisioner to the authority. 2021-07-21 15:22:57 -07:00
Carl Tashian
cff19691b3
Merge pull request #654 from smallstep/needs-renewal 
Fix needs-renewal condition and switch to using ExecCondition
 2021-07-21 14:34:42 -05:00
Carl Tashian
09b554f855
Merge pull request #609 from smallstep/discord 
update gitter to discord
 2021-07-21 12:24:27 -05:00
Carl Tashian
22ef324534 Fix needs-renewal condition and switch to using ExecCondition 2021-07-21 11:49:10 -05:00
Mariano Cano
71f8019243 Store x509 and ssh certificates on linkedca if enabled. 2021-07-20 18:16:24 -07:00
Mariano Cano
17eef81c91 Remove linkerd replace. 2021-07-20 14:55:07 -07:00
Mariano Cano
a72eab915b Use linkedca v0.1.0 2021-07-20 12:59:59 -07:00
Mariano Cano
7c0faab73e Remove now unused step-ca login. 2021-07-20 12:57:34 -07:00
Carl Tashian
f8c137af4f
Update provisioners.md 2021-07-20 10:32:18 -05:00
Carl Tashian
28acc1b7d2
Merge pull request #653 from smallstep/needs-renewal 
systemd cert renewer can now use 'step certificate needs-renewal'
 2021-07-20 09:38:52 -05:00
Mariano Cano
8fb5340dc9 Use a token at start time to configure linkedca. 
Instead of using `step-ca login` we will use a new token provided
as a flag to configure and start linkedca. Certificates will be kept
in memory and refreshed automatically.
 2021-07-19 19:28:06 -07:00
Carl Tashian
0dd6564b1e
README link fixes 2021-07-19 13:05:01 -05:00
Carl Tashian
3e5b90b6fa systemd cert renewer can now use 'step certificate needs-renewal' 2021-07-19 08:34:22 -05:00
Herman Slatman
d669f3cb14
Fix misspelling 2021-07-17 20:39:12 +02:00
Herman Slatman
540d5fbbdc
Fix marshaling -> marshalling 2021-07-17 20:35:44 +02:00
Herman Slatman
2110c7722f
Fix JWK payload key equality check 2021-07-17 20:29:12 +02:00
Herman Slatman
a4cfb6698f
Merge branch 'master' into hs/acme-revocation 2021-07-17 19:04:43 +02:00
Herman Slatman
2eb69636ea
Merge branch 'master' into hs/acme-eab 2021-07-17 19:04:20 +02:00
Herman Slatman
d44cd18b96
Add External Accounting Binding key "BoundAt" marking 2021-07-17 19:02:47 +02:00
Herman Slatman
f81d49d963
Add first working version of External Account Binding 2021-07-17 17:35:44 +02:00
max furman
bd51b1f85b Updates for new issue page 2021-07-16 15:09:38 -07:00
max furman
a3af991261 Update pull request labeler action 2021-07-16 12:15:03 -07:00
max furman
b71ff09a08 UI updates for certificates new issue page 2021-07-16 10:50:22 -07:00
Mariano Cano
4aa529605d
Merge pull request #641 from hillu/quote-serial 
Log certificate's serial number as stringified decimal number
 2021-07-16 18:53:51 +02:00
Mariano Cano
76413b845e
Merge pull request #644 from hslatman/hs/fix-provisioner-name-log 
Fix logging provisioner name as string
 2021-07-16 04:38:40 +02:00
Herman Slatman
9210a6740b
Fix logging provisioner name as string 2021-07-15 23:13:08 +02:00
Hilko Bengen
edb01bc9f2 Log certificate's serial number as stringified decimal number 
Using a JSON string fixes a common issue with JSON parsers that
deserialize all numbers to a 64-bit IEEE-754 floats. (Certificate
serial numbers are usually 128 bit values.)

This change is consistent with existing log entries for revocation
requests.

See also: #630, #631
 2021-07-14 12:06:28 +02:00
Mariano Cano
dd9850ce4c Add working implementation of the linkedca. 
Replaces the authority adminDB with a new impmentation that users the
linkedca client to retrieve the data.

Note that this implementation still hardcodes the endpoint to localhost.
 2021-07-12 18:11:00 +02:00
Mariano Cano
49c1427d15 Use authorityId instead of authorityID. 
In json or javascript world authorityId, userId, ... are more common
than authorityID, ...
 2021-07-12 15:31:05 +02:00
Mariano Cano
f7e09af9df Implement the login command. 
The login commands creates a new certificate for the linked ca.
This certificate will be used to sync data with the linkedca
endpoint.
 2021-07-12 15:28:13 +02:00
Herman Slatman
258efca0fa
Improve revocation authorization 2021-07-10 00:28:31 +02:00
Herman Slatman
97165f1844
Fix test mocking for CreateCertificate 2021-07-09 22:48:03 +02:00
Herman Slatman
2b15230aa4
Add Serial to Cert ID ACME table and lookup 2021-07-09 17:51:31 +02:00
Herman Slatman
8f7e700f09
Merge branch 'master' into hs/acme-revocation 2021-07-09 11:22:25 +02:00
Max
b9743b36e1
Merge pull request #599 from smallstep/max/cert-mgr-crud 
certificate manager
 2021-07-08 16:29:30 -07:00
max furman
857a50434c Merge branch 'master' into max/cert-mgr-crud 2021-07-08 16:25:52 -07:00
Max
517fab1b54
Merge pull request #602 from hslatman/hs/ip-verification 
IP Identifier Validation [RFC8738]
 2021-07-08 16:24:34 -07:00
max furman
681226a798 Merge branch 'master' into max/cert-mgr-crud 2021-07-08 16:21:09 -07:00
max furman
1df21b9b6a Addressing comments in PR review 
- added a bit of validation to admin create and update
- using protojson where possible in admin api
- fixing a few instances of admin -> acme in errors
 2021-07-06 17:14:13 -07:00
Mariano Cano
bc14341387 Fix bootstrap command. 2021-07-06 16:35:00 +02:00
max furman
5679c9933d Fixes from PR review 2021-07-03 12:08:30 -07:00
max furman
77fdfc9fa3 Merge branch 'master' into max/cert-mgr-crud 2021-07-02 20:26:46 -07:00
max furman
9fdef64709 Admin level API for provisioner mgmt v1 2021-07-02 19:05:17 -07:00
Herman Slatman
16fe07d4dc
Fix mockSignAuth 2021-07-03 02:10:16 +02:00
Herman Slatman
0e56932e76
Add support for revocation using JWK 2021-07-03 01:57:27 +02:00
Herman Slatman
84e7d468f2
Improve handling of ACME revocation 2021-07-03 00:21:17 +02:00
Herman Slatman
d53bcaf830
Add base logic for ACME revoke-cert 2021-07-02 22:51:15 +02:00
Kevin Chen
9d4e6e315a update readme page 2021-06-29 11:01:53 -07:00
Herman Slatman
8e4a4ecc1f
Refactor tests for sans 2021-06-26 00:48:40 +02:00
Herman Slatman
87b72afa25
Fix IP equality check and add more tests 2021-06-26 00:13:44 +02:00