Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,254 Commits
43 Branches
215 Tags
44 MiB
master
root-not-found-error-message
relative-paths-config
fix-1637
dependabot/go_modules/github.com/slackhq/nebula-1.9.3
dependabot/go_modules/github.com/google/go-tpm-0.9.1
wire-acme-extensions
mariano/init-provisioners
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.26.2
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '42f56d6906'
${ noResults }
Commit Graph

2254 Commits (42f56d6906b2e5731457da71f18bc979906d1a0e)
 

Author SHA1 Message Date
Mariano Cano de292fbed6 Use branch version of linkedca. 3 years ago
Mariano Cano 721459210e Make pki initialization more flexible. 3 years ago
Mariano Cano 384be6e205 Do not show provisioners if they are not required. 
For deployment types like linked ca, the list of provisioners in
the ca.json are not required, so we should tag the json as omitempty.
 3 years ago
Mariano Cano b0e0f2b89d Use linkedca GetAdmin and GetProvisioner. 3 years ago
Mariano Cano 91a369f618 Automatically enable admin properly on linked cas. 3 years ago
Mariano Cano 26122a2cbf Enable admin automatically if a token is provided. 3 years ago
Carl Tashian 9572c62520
Merge pull request #657 from smallstep/ra-installer 
RA install script
 3 years ago
Mariano Cano 5344f42f21 Allow to use the environment variable STEP_CA_TOKEN 
For helm charts we want to store the tokens in a secret and load
it from an environment variable.
 3 years ago
Mariano Cano 2620c38aee Add is converting provisioners to linkedca. 
The ids are required to be able to link admins with provisioners.
 3 years ago
Mariano Cano e62d7988b8 Do not store password on exports. 3 years ago
Mariano Cano ac363d7824 Add --password-file and --issuer-password-file flags to export. 3 years ago
Mariano Cano 4f27f4b002 Change default ciphersuites to newer names. 3 years ago
Carl Tashian 97af829805 RA install script 3 years ago
Mariano Cano 07f7316851 Add bastion to export. 3 years ago
Mariano Cano 0730a165fd Add collection of files and authority template. 3 years ago
Mariano Cano c7f8516142 Add to export all the information in the ca.json 3 years ago
Mariano Cano 887423ee6e Update TLS cipher suites. 3 years ago
Carl Tashian 53d08e1f5c
Remove microbadger.com (the website is gone) 3 years ago
Carl Tashian 8f4c833845
Update README.md 3 years ago
Mariano Cano dc1ec18b52 Create a way to export ca configurations. 3 years ago
Mariano Cano d0c1530f89 Remove replace of linkedca package. 3 years ago
Mariano Cano 3a00b6b396 Properly marshal a certificate when we send it to linkedca. 3 years ago
Mariano Cano 4ad82a2f76 Check linkedca for revocation. 3 years ago
Mariano Cano f7542a5bd9 Move check of ssh revocation from provisioner to the authority. 3 years ago
Carl Tashian cff19691b3
Merge pull request #654 from smallstep/needs-renewal 
Fix needs-renewal condition and switch to using ExecCondition
 3 years ago
Carl Tashian 09b554f855
Merge pull request #609 from smallstep/discord 
update gitter to discord
 3 years ago
Carl Tashian 22ef324534 Fix needs-renewal condition and switch to using ExecCondition 3 years ago
Mariano Cano 71f8019243 Store x509 and ssh certificates on linkedca if enabled. 3 years ago
Mariano Cano 17eef81c91 Remove linkerd replace. 3 years ago
Mariano Cano a72eab915b Use linkedca v0.1.0 3 years ago
Mariano Cano 7c0faab73e Remove now unused step-ca login. 3 years ago
Carl Tashian f8c137af4f
Update provisioners.md 3 years ago
Carl Tashian 28acc1b7d2
Merge pull request #653 from smallstep/needs-renewal 
systemd cert renewer can now use 'step certificate needs-renewal'
 3 years ago
Mariano Cano 8fb5340dc9 Use a token at start time to configure linkedca. 
Instead of using `step-ca login` we will use a new token provided
as a flag to configure and start linkedca. Certificates will be kept
in memory and refreshed automatically.
 3 years ago
Carl Tashian 0dd6564b1e
README link fixes 3 years ago
Carl Tashian 3e5b90b6fa systemd cert renewer can now use 'step certificate needs-renewal' 3 years ago
Herman Slatman a4cfb6698f
Merge branch 'master' into hs/acme-revocation 3 years ago
max furman bd51b1f85b Updates for new issue page 3 years ago
max furman a3af991261 Update pull request labeler action 3 years ago
max furman b71ff09a08 UI updates for certificates new issue page 3 years ago
Mariano Cano 4aa529605d
Merge pull request #641 from hillu/quote-serial 
Log certificate's serial number as stringified decimal number
 3 years ago
Mariano Cano 76413b845e
Merge pull request #644 from hslatman/hs/fix-provisioner-name-log 
Fix logging provisioner name as string
 3 years ago
Herman Slatman 9210a6740b
Fix logging provisioner name as string 3 years ago
Hilko Bengen edb01bc9f2 Log certificate's serial number as stringified decimal number 
Using a JSON string fixes a common issue with JSON parsers that
deserialize all numbers to a 64-bit IEEE-754 floats. (Certificate
serial numbers are usually 128 bit values.)

This change is consistent with existing log entries for revocation
requests.

See also: #630, #631
 3 years ago
Mariano Cano dd9850ce4c Add working implementation of the linkedca. 
Replaces the authority adminDB with a new impmentation that users the
linkedca client to retrieve the data.

Note that this implementation still hardcodes the endpoint to localhost.
 3 years ago
Mariano Cano 49c1427d15 Use authorityId instead of authorityID. 
In json or javascript world authorityId, userId, ... are more common
than authorityID, ...
 3 years ago
Mariano Cano f7e09af9df Implement the login command. 
The login commands creates a new certificate for the linked ca.
This certificate will be used to sync data with the linkedca
endpoint.
 3 years ago
Herman Slatman 258efca0fa
Improve revocation authorization 3 years ago
Herman Slatman 97165f1844
Fix test mocking for CreateCertificate 3 years ago
Herman Slatman 2b15230aa4
Add Serial to Cert ID ACME table and lookup 3 years ago