Commit Graph

153 Commits (master)

Author SHA1 Message Date
Erik De Lamarter 6989c7f146 vault auth unit tests 2 years ago
Erik De Lamarter 6c44291d8d refactor vault auth 2 years ago
Erik De Lamarter dec1067add vault kubernetes auth 2 years ago
Mariano Cano 3aebe8d019 Add missing comma in comment. 2 years ago
Mariano Cano e29c85bbd4 Use errors and fmt instead of pkg/errors. 2 years ago
Mariano Cano 76c483c36f Add missing comments. 2 years ago
Mariano Cano 48bc20c9f3 Unify json parameters. 2 years ago
Mariano Cano 790a19c6f6
make json names uniform
Co-authored-by: Ahmet Demir <ahmet2mir+github@gmail.com>
2 years ago
Mariano Cano 967d9136ca Cleanup Vault CAS integration 2 years ago
Mariano Cano 37b521ec6c Merge branch 'master' into feat/vault 2 years ago
Raal Goff c8b38c0e13 implemented requested changes 2 years ago
Raal Goff d417ce3232 implement changes from review 2 years ago
Raal Goff e8fdb703c9 initial support for CRL 2 years ago
Mariano Cano abf5fc32a3 Format comment. 2 years ago
Mariano Cano c480936ba4 Split comments. 2 years ago
Mariano Cano 955d4cf80d Add authority.WithX509SignerFunc
This change adds a new authority option that allows passing a callback
that returns the certificate chain and signer used to sign X.509
certificates.

This option will be used by Caddy, they renew the intermediate
certificate weekly and there's no other way to replace it without
re-creating the embedded CA.

Fixes #874
2 years ago
Mariano Cano ae7b41a12c Fix linter errors. 2 years ago
Mariano Cano c0525381eb Merge branch 'master' into feat/vault 2 years ago
Mariano Cano d424159200 Fix certificate type identification 2 years ago
Mariano Cano b3316c4a56 Refactor json Marshal+Unmarshal in one function. 2 years ago
Ahmet DEMIR a9550a746f fix: add back commented tests 2 years ago
Ahmet DEMIR ab5197500c fix: a certificate must exclude the root and you should use verified chained intermediate 2 years ago
Ahmet DEMIR 782ff76963 fix: apply suggestion to use cr only 2 years ago
Ahmet DEMIR b49ac2501b feat: enhance options and fix revoke plus more tests 2 years ago
Ahmet DEMIR 8ef3abf6d9 fix: minus d on Ed 2 years ago
Herman Slatman ad041d6bb7 Fix deprecation of grpc.WithInsecure option
With the update of go.step.sm/linkedca grpc.WithInsecure was
deprecated. This commit fixes this by setting up the (insecure)
connection using the new method.
2 years ago
Ahmet DEMIR d957a57e24 fix: apply mariano suggestions and fixes
* use json.RawMessage to remote mapstructure in options
* use vault secretid structure to support multiple source aka string, file and env
* remove log prefix
* return raw cert on error on newline for cert and csr
* clean sans, commonName in createCertificate (bad copy/paste from StepCAS)
* verify authority fingerprint
* convert serial on revoke to bigint, bytes and vault dashed representation
2 years ago
Ahmet DEMIR 16390694e1 feat(vault): adding hashicorp vault cas 2 years ago
Ahmet DEMIR 26d7b70957 feat(cas): add generic Config parameter to allow more flexible configuration on CAS 2 years ago
Herman Slatman e7a988b2cd Pin golangci-lint to v1.43.0 and fix issues 3 years ago
Mariano Cano e15b5faf7d Merge branch 'master' into keyvault 3 years ago
max furman 933b40a02a Introduce gocritic linter and address warnings 3 years ago
Mariano Cano 52a18e0c2d Add key name to CreateCertificateAuthority 3 years ago
Mariano Cano e4e799ca85 Fix typos in comment. 3 years ago
Mariano Cano 6d644880bd Allow kms signers to define the SignatureAlgorithm
CloudKMS keys sign data using a specific signature algorithm; in RSA keys,
this can be PKCS#1 RSA or RSA-PSS. If the latter is used, x509.CreateCertificate
will fail unless the template SignatureCertificate is properly set.

In contrast, AWSKMS RSA keys are just RSA keys, and can sign with PKCS#1 or
RSA-PSS schemes, so right now the way to enforce one or the other is to use
templates.
3 years ago
Mariano Cano de719eb6f0 Add an option to avoid password prompts on step cas
When we are using `step ca init` to create a stepcas RA we don't
have access to the password to verify the provisioner.
3 years ago
max furman 77fdfc9fa3 Merge branch 'master' into max/cert-mgr-crud 3 years ago
max furman 9fdef64709 Admin level API for provisioner mgmt v1 3 years ago
Mariano Cano 35e6cc275a Fix typos in comments. 3 years ago
Mariano Cano dce1b290bd Remove debug statements. 3 years ago
Mariano Cano ac3c754a6d Use known CA and add tier and gcs bucket options. 3 years ago
Mariano Cano 529eb4bae9 Rename CAPool to CaPool. 3 years ago
Mariano Cano 9db68db509 Add tests with cloudCAS EnableCertificateAuthority. 3 years ago
Mariano Cano 48bc4e549d Fix cloudcas tests. 3 years ago
Mariano Cano 072bd0dcf4 Add support for Google CAS v1 3 years ago
Herman Slatman 491c2b8d93 Improve initialization of SCEP authority 3 years ago
Herman Slatman 2a249d20de Refactor initialization of SCEP authority 3 years ago
Herman Slatman c5e4ea08b3 Merge branch 'master' into hs/scep 3 years ago
Mariano Cano 84018ec71b Clarify comment. 3 years ago
Mariano Cano a9297100d8 Allow to configure the JWK using the encrypted key. 3 years ago
Mariano Cano d9f93ccfde Fix typo. 3 years ago
Mariano Cano edc7c4d90e Add support for password encrypted files 3 years ago
Mariano Cano 80542d6d9a Add JWK as an issuer for stepcas. 3 years ago
Mariano Cano ce3e6bfdf6 Fix linting errors. 3 years ago
Mariano Cano 96de4e6ec8 Return a non-implemented error in stepcas.RenewCertificate. 3 years ago
Mariano Cano 348815f4f6 Fix error message. 3 years ago
Herman Slatman 583d60dc0d Address (most) PR comments 3 years ago
Mariano Cano e7a6c46e54 Fix linting errors. 3 years ago
Mariano Cano 08e75b614e Do not depend on Go 1.16. 3 years ago
Mariano Cano 6fd6270e7d Remove debug statements. 3 years ago
Mariano Cano 7958f6ebb5 Add support for lifetime. 3 years ago
Mariano Cano ae4b8f58b8 Add support for emails, ips and uris. 3 years ago
Mariano Cano dbb48ecf8d Add tests for stepcas. 3 years ago
Mariano Cano bcf70206ac Add support for revocation using an extra provisioner in the RA. 3 years ago
Mariano Cano a6115e29c2 Add initial implementation of StepCAS.
StepCAS allows configuring step-ca as an RA using another step-ca
as the main CA.
3 years ago
Herman Slatman e1cab4966f Improve initialization of SCEP authority 3 years ago
Herman Slatman 7ad90d10b3 Refactor initialization of SCEP authority 3 years ago
Miclain Keffeler ffbfcfb1f2 format. 4 years ago
Miclain K Keffeler 7a1eb43bb1 Update options.go 4 years ago
Miclain K Keffeler f3396bf964 Update softcas.go 4 years ago
Miclain Keffeler 7545b4a625 leverage intermediate_ca.crt for appending certs. 4 years ago
Mariano Cano a97fab4119 Fix misspell. 4 years ago
Mariano Cano b057c6677a Use test/bufconn instead of a real listener. 4 years ago
Mariano Cano 4f9200cc47 Add missing docs. 4 years ago
Mariano Cano 41a46bbd75 Enable default cas implementation. 4 years ago
Mariano Cano 7020011842 Add some extra tests. 4 years ago
Mariano Cano 7aa8a8fe1e Complete tests for softCAS. 4 years ago
Mariano Cano bb4f2aef2f Fix lint error. 4 years ago
Mariano Cano b275758018 Complete CloudCAS tests.
Upgrade cloud.google.com/go
4 years ago
Mariano Cano 10c2ce3071 Add missing files, mocks created using mockgen. 4 years ago
Mariano Cano b2ae112dd2 Add initial tests for CreateCertificateAuthority. 4 years ago
Mariano Cano b68344ec36 Fix unexpected error. 4 years ago
Mariano Cano dff00a0218 Add support for local signing or cloudCAS intermediates. 4 years ago
Mariano Cano 2b4b902975 Add initial support for `step ca init` with cloud cas.
Fixes smallstep/cli#363
4 years ago
Mariano Cano 2654231c49 Update option property. 4 years ago
Mariano Cano 9f21813dd6 Rename option. 4 years ago
Mariano Cano 8381e9bd17 Fix typos. 4 years ago
Mariano Cano 8e6d7accf8 Do not add the CRL distribution points extension.
This extension is added by CloudCAS.
4 years ago
Mariano Cano 38fa780775 Add interface to get root certificate from CAS.
This change makes the configuration of cloudCAS easier, as it does
not require to configure the root or intermediate certificate
in the ca.json. CloudCAS will get the root certificate using
the configured certificateAuthority.
4 years ago
Mariano Cano fa099f2ae2 Change method name. 4 years ago
Mariano Cano 884a6f5dd0 Skip test on CI. 4 years ago
Mariano Cano 91aa1e87f1 Do not use go 1.15 methods. 4 years ago
Mariano Cano f2dd5c48cc Fix linting errors. 4 years ago
Mariano Cano 8957e5e5a2 Add missing tests 4 years ago
Mariano Cano e146b3fe16 Add Unit tests for softcas. 4 years ago
Mariano Cano 1550a21f68 Fix unit tests. 4 years ago
Mariano Cano 144ffe73dd Complete unit tests for Google CAS. 4 years ago
Mariano Cano f7d066fca8 Fix key usages. 4 years ago
Mariano Cano 01e6495f43 Add most of cloudcas unit tests and minor fixes. 4 years ago
Mariano Cano 8eff4e77a8 Comment request structs. 4 years ago