Commit Graph

50 Commits (master)

Author SHA1 Message Date
max furman 9fdef64709 Admin level API for provisioner mgmt v1 3 years ago
max furman 9bf9bf142d wip 3 years ago
max furman 7b5d6968a5 first commit 3 years ago
max furman 8c709fe3c2 Init config on load | Add wrapper for cli 3 years ago
Mariano Cano a6115e29c2 Add initial implementation of StepCAS.
StepCAS allows configuring step-ca as an RA using another step-ca
as the main CA.
3 years ago
Mariano Cano ef92a3a6d7 Move cas options under authority. 4 years ago
Mariano Cano 38fa780775 Add interface to get root certificate from CAS.
This change makes the configuration of cloudCAS easier, as it does
not require configuring the root or intermediate certificate
in the ca.json. CloudCAS will get the root certificate using
the configured certificateAuthority.
4 years ago
Mariano Cano aad8f9e582 Pass issuer and signer to softCAS options.
Remove commented code and initialize CAS properly.
Minor fixes in CloudCAS.
4 years ago
Mariano Cano 1b1f73dec6 Early attempt to develop a CAS interface. 4 years ago
Mariano Cano 4943ae58d8 Move TLSOption, TLSVersion, CipherSuites and ASN1DN to certificates. 4 years ago
Mariano Cano 4e544344f9 Initialize the required config fields on embedded authorities.
This change is to make the use of embedded authorities easier. It
can be difficult for third parties to know what fields are required.
The new init methods will define the minimum usable configuration.
4 years ago
Mariano Cano 824374bde0 Create a method to initialize the authority without a config file.
When the CA is embedded in a third party product like Caddy, the
config needed to use placeholders to be valid. This change adds
a new method `NewEmbeddedAuthority` that allows creating an
authority with the given options; the minimum options are a root
and intermediate certificate, and the intermediate key.

Fixes #218
4 years ago
Mariano Cano c62526b39f Add wip support for kms. 4 years ago
Mariano Cano e67ccd9e3d Add fault tolerance against clock skew across system on TLS certificates. 4 years ago
Mariano Cano 6d6f496331 Allow no provisioners. 4 years ago
Mariano Cano 50152391a3 Add leeway in identity not before. 4 years ago
Mariano Cano 3fda081e42 Add identity certificate in ssh response. 5 years ago
Mariano Cano 2cb6bd880b Make audiences compatible with the old version. 5 years ago
Mariano Cano 69a7058ff0 Remove global check for number of k8sSA provisioners.
This was causing a bug in the reload of the ca.
5 years ago
max furman a9ea292bd4 sshpop provisioner + ssh renew | revoke | rekey first pass 5 years ago
Mariano Cano cf2b9301c0 Change default user duration to 16h. 5 years ago
Mariano Cano e84489775b Add support for multiple ssh roots.
Fixes #125
5 years ago
Mariano Cano 7b8bb6deb4 Add initial support for ssh config.
Related to smallstep/cli#170
5 years ago
Mariano Cano 57a529cc1a Allow to enable the SSH CA per provisioner 5 years ago
Mariano Cano e71072d389 Add experimental support for provisioning users. 5 years ago
Mariano Cano 004ea12212 Allow to use custom SSH user/host key files. 5 years ago
Mariano Cano 1c8f610ca9 Add initial implementation of an SSH CA using the JWK provisioner.
Fixes smallstep/ca-component#187
5 years ago
max furman ff20d9f5af Fix composite literal uses unkeyed field 5 years ago
max furman ab4d569f36 Add /revoke API with interface db backend 5 years ago
Mariano Cano 7378ed27ac Refactor claims so they can be totally omitted if only the parent is set. 5 years ago
Mariano Cano 507fd01062 Remove provisioner intermediate type. 5 years ago
Mariano Cano 2d00cd0933 Validate audiences in the default provisioner. 5 years ago
Mariano Cano 34ff388828 Use new types in config. 5 years ago
max furman 2c72ada610 remove dead code 5 years ago
max furman 6dc89f46d8 make Duration public 5 years ago
max furman 0615f7eb11 don't wrap time.Duration 5 years ago
max furman 4b742042ee make Duration wrapper publicly accessible 5 years ago
Mariano Cano 6e620073f5 Rename method Empties to HasEmpties 5 years ago
Mariano Cano 98cc243a37 Add support for multiple roots. 5 years ago
Mariano Cano 722bcb7e7a Add initial support for federated root certificates. 5 years ago
Mariano Cano 7e95fc0e45 Strip ports on audience check.
Services might have proxies behind them so we cannot rely on them.
Fixes #17
5 years ago
Mariano Cano d6cad2a7f3 Add provisioner option to disable renewal.
Fixes smallstep/ca-component#108
6 years ago
max furman c74fcd57a7 ca-component -> certificates
* fix redundant error check
* add README
6 years ago
max furman b457b15292 fix: omit empty claims in AuthConfig 6 years ago
max furman d2872564b4 accidentally removed DisableIssuedAtCheck during merge 6 years ago
max furman ee7db4006a change sign + authorize authority api | add provisioners
* authorize returns []interface{}
 - operators in this list can conform to any interface the user decides
 - our implementation has a combination of certificate claim validators
 and certificate template modifiers.
* provisioners can set and enforce tls cert options
6 years ago
Mariano Cano 1c1ac1b3fb Add disableIssuedAt check functionality
Fixes #86
6 years ago
max furman 0b5f6487e1 change provisioners api
* /provisioners -> /provisioners/jwk-set-by-issuer
* /provisioners now returns a list of Provisioners
6 years ago
max furman f1dc00c810 add Provisioner config validation 6 years ago
max furman c284a2c0ab first commit 6 years ago