Mariano Cano
d0c1530f89
Remove replace of linkedca package.
2021-07-26 14:48:01 -07:00
Mariano Cano
3a00b6b396
Properly marshal a certificate when we send it to linkedca.
2021-07-26 14:31:42 -07:00
Mariano Cano
4ad82a2f76
Check linkedca for revocation.
2021-07-23 16:10:13 -07:00
Herman Slatman
7dad7038c3
Fix missing ACME EAB API endpoints
2021-07-23 15:41:24 +02:00
Herman Slatman
c6a4c4ecba
Change ACME EAB endpoint
2021-07-23 15:16:11 +02:00
Herman Slatman
c6bfc6eac2
Fix PR comments
2021-07-22 23:48:41 +02:00
Herman Slatman
b65a588d5b
Make authentication work for /admin/eak
2021-07-22 22:43:21 +02:00
Mariano Cano
f7542a5bd9
Move check of ssh revocation from provisioner to the authority.
2021-07-21 15:22:57 -07:00
Carl Tashian
cff19691b3
Merge pull request #654 from smallstep/needs-renewal
...
Fix needs-renewal condition and switch to using ExecCondition
2021-07-21 14:34:42 -05:00
Carl Tashian
09b554f855
Merge pull request #609 from smallstep/discord
...
update gitter to discord
2021-07-21 12:24:27 -05:00
Carl Tashian
22ef324534
Fix needs-renewal condition and switch to using ExecCondition
2021-07-21 11:49:10 -05:00
Mariano Cano
71f8019243
Store x509 and ssh certificates on linkedca if enabled.
2021-07-20 18:16:24 -07:00
Mariano Cano
17eef81c91
Remove linkerd replace.
2021-07-20 14:55:07 -07:00
Mariano Cano
a72eab915b
Use linkedca v0.1.0
2021-07-20 12:59:59 -07:00
Mariano Cano
7c0faab73e
Remove now unused step-ca login.
2021-07-20 12:57:34 -07:00
Carl Tashian
f8c137af4f
Update provisioners.md
2021-07-20 10:32:18 -05:00
Carl Tashian
28acc1b7d2
Merge pull request #653 from smallstep/needs-renewal
...
systemd cert renewer can now use 'step certificate needs-renewal'
2021-07-20 09:38:52 -05:00
Mariano Cano
8fb5340dc9
Use a token at start time to configure linkedca.
...
Instead of using `step-ca login` we will use a new token provided
as a flag to configure and start linkedca. Certificates will be kept
in memory and refreshed automatically.
2021-07-19 19:28:06 -07:00
Carl Tashian
0dd6564b1e
README link fixes
2021-07-19 13:05:01 -05:00
Carl Tashian
3e5b90b6fa
systemd cert renewer can now use 'step certificate needs-renewal'
2021-07-19 08:34:22 -05:00
Herman Slatman
d669f3cb14
Fix misspelling
2021-07-17 20:39:12 +02:00
Herman Slatman
540d5fbbdc
Fix marshaling -> marshalling
2021-07-17 20:35:44 +02:00
Herman Slatman
2110c7722f
Fix JWK payload key equality check
2021-07-17 20:29:12 +02:00
Herman Slatman
a4cfb6698f
Merge branch 'master' into hs/acme-revocation
2021-07-17 19:04:43 +02:00
Herman Slatman
2eb69636ea
Merge branch 'master' into hs/acme-eab
2021-07-17 19:04:20 +02:00
Herman Slatman
d44cd18b96
Add External Accounting Binding key "BoundAt" marking
2021-07-17 19:02:47 +02:00
Herman Slatman
f81d49d963
Add first working version of External Account Binding
2021-07-17 17:35:44 +02:00
max furman
bd51b1f85b
Updates for new issue page
2021-07-16 15:09:38 -07:00
max furman
a3af991261
Update pull request labeler action
2021-07-16 12:15:03 -07:00
max furman
b71ff09a08
UI updates for certificates new issue page
2021-07-16 10:50:22 -07:00
Mariano Cano
4aa529605d
Merge pull request #641 from hillu/quote-serial
...
Log certificate's serial number as stringified decimal number
2021-07-16 18:53:51 +02:00
Mariano Cano
76413b845e
Merge pull request #644 from hslatman/hs/fix-provisioner-name-log
...
Fix logging provisioner name as string
2021-07-16 04:38:40 +02:00
Herman Slatman
9210a6740b
Fix logging provisioner name as string
2021-07-15 23:13:08 +02:00
Hilko Bengen
edb01bc9f2
Log certificate's serial number as stringified decimal number
...
Using a JSON string fixes a common issue with JSON parsers that
deserialize all numbers to a 64-bit IEEE-754 floats. (Certificate
serial numbers are usually 128 bit values.)
This change is consistent with existing log entries for revocation
requests.
See also: #630 , #631
2021-07-14 12:06:28 +02:00
Mariano Cano
dd9850ce4c
Add working implementation of the linkedca.
...
Replaces the authority adminDB with a new impmentation that users the
linkedca client to retrieve the data.
Note that this implementation still hardcodes the endpoint to localhost.
2021-07-12 18:11:00 +02:00
Mariano Cano
49c1427d15
Use authorityId instead of authorityID.
...
In json or javascript world authorityId, userId, ... are more common
than authorityID, ...
2021-07-12 15:31:05 +02:00
Mariano Cano
f7e09af9df
Implement the login command.
...
The login commands creates a new certificate for the linked ca.
This certificate will be used to sync data with the linkedca
endpoint.
2021-07-12 15:28:13 +02:00
Herman Slatman
258efca0fa
Improve revocation authorization
2021-07-10 00:28:31 +02:00
Herman Slatman
97165f1844
Fix test mocking for CreateCertificate
2021-07-09 22:48:03 +02:00
Herman Slatman
2b15230aa4
Add Serial to Cert ID ACME table and lookup
2021-07-09 17:51:31 +02:00
Herman Slatman
8f7e700f09
Merge branch 'master' into hs/acme-revocation
2021-07-09 11:22:25 +02:00
Max
b9743b36e1
Merge pull request #599 from smallstep/max/cert-mgr-crud
...
certificate manager
2021-07-08 16:29:30 -07:00
max furman
857a50434c
Merge branch 'master' into max/cert-mgr-crud
2021-07-08 16:25:52 -07:00
Max
517fab1b54
Merge pull request #602 from hslatman/hs/ip-verification
...
IP Identifier Validation [RFC8738]
2021-07-08 16:24:34 -07:00
max furman
681226a798
Merge branch 'master' into max/cert-mgr-crud
2021-07-08 16:21:09 -07:00
max furman
1df21b9b6a
Addressing comments in PR review
...
- added a bit of validation to admin create and update
- using protojson where possible in admin api
- fixing a few instances of admin -> acme in errors
2021-07-06 17:14:13 -07:00
Mariano Cano
bc14341387
Fix bootstrap command.
2021-07-06 16:35:00 +02:00
max furman
5679c9933d
Fixes from PR review
2021-07-03 12:08:30 -07:00
max furman
77fdfc9fa3
Merge branch 'master' into max/cert-mgr-crud
2021-07-02 20:26:46 -07:00
max furman
9fdef64709
Admin level API for provisioner mgmt v1
2021-07-02 19:05:17 -07:00