Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,987 Commits
43 Branches
215 Tags
44 MiB
master
root-not-found-error-message
relative-paths-config
fix-1637
dependabot/go_modules/github.com/slackhq/nebula-1.9.3
dependabot/go_modules/github.com/google/go-tpm-0.9.1
wire-acme-extensions
mariano/init-provisioners
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.26.2
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '53ad3a9dbe'
${ noResults }
Commit Graph

239 Commits (53ad3a9dbe845eb1a79a28b5335081f5dfddf29c)

Author SHA1 Message Date
Mariano Cano c903f00cd4 Rename claim to allowRenewAfterExpiry. 2 years ago
Mariano Cano 616490a9c6 Refactor renew after expiry token authorization 
This changes adds a new authority method that authorizes the
renew after expiry tokens.
 2 years ago
Mariano Cano 3fb5e57f12 Upgrade nosql package 
The new version of the package allows filtering out database drivers
using Go tags.
 2 years ago
Mariano Cano 6f46cdb432
Merge pull request #829 from vijayjt/new-azure-token-authz-options 
Add subscription and object ID validation options to Azure provisioner
 2 years ago
vijayjt 7a32c312bf Update linkedca dependency version 2 years ago
max furman 9d885e6914 bump nosql for postgres support 2 years ago
Mariano Cano c0525381eb Merge branch 'master' into feat/vault 2 years ago
Herman Slatman c7c5c3c94e
Merge branch 'master' into herman/scep-macos-renewal-fixes 2 years ago
Mariano Cano 09a9b3e1c8 Upgrade go.step.sm/crypto 2 years ago
Herman Slatman 3b72d241e0
Add LinkedCA integration for improved SCEP provisioner 2 years ago
Ahmet DEMIR d957a57e24
fix: apply mariano suggestions and fixes 
* use json.RawMessage to remote mapstructure in options
* use vault secretid structure to support multiple source aka string, file and env
* remove log prefix
* return raw cert on error on newline for cert and csr
* clean sans, commonName in createCertificate (bad copy/paste from StepCAS)
* verify authority fingerprint
* convert serial on revoke to bigint, bytes and vault dashed representation
 2 years ago
Ahmet DEMIR 16390694e1
feat(vault): adding hashicorp vault cas 2 years ago
Mariano Cano 01a76445ea Upgrade go.step.sm/crypto 3 years ago
Mariano Cano 98044cf08d Use a tagged version of linkedca 3 years ago
Mariano Cano 6a1d0cb9f8 Add linkedca conversions. 3 years ago
Mariano Cano 9ec0276887 Update certificate set with new api. 3 years ago
Mariano Cano 32390a2964 Add initial implementation of a nebula provisioner. 
A nebula provisioner will generate a X509 or SSH certificate with
the identities in the nebula certificate embedded in the token.
The token is signed with the private key of the nebula certificate.
 3 years ago
Herman Slatman 06bb97c91e
Add logic for Account authorizations and improve tests 3 years ago
max furman 7fac8c96c3 Merge branch 'master' into max/context 3 years ago
max furman 196f6b45c9 bump cli-utils to 0.7.0 3 years ago
max furman b5bf79b84e bump nosql library 3 years ago
max furman 555431448c bump version ofcli-utils 3 years ago
max furman da74fa2eb9 Rename FullSnippet to Fragment and remove unused replace in go.mod 3 years ago
max furman 741ac64c61 change name of package cli-utils/config to cli-utils/step 3 years ago
Herman Slatman 2c05f488f6
Remove support for Go 1.15 3 years ago
Mariano Cano 62a20c7db5 Upgrade cli-utils with latest version of promptui 3 years ago
Mariano Cano 9958e0645f Replace promptui with apache-compatible fork. 
Promptui depends on github.com/juju/ansiterm that is licensed under
LGPL. The fork replaces ansiterm.TabWriter with the one in the
standard library.
 3 years ago
Mariano Cano 0927e0d22a Upgrade go.step.sm/crypto dependency 
The new version removes "env" and "expandenv" sprig functions.
 3 years ago
Mariano Cano edd475b81b Allow to configure azurekms using the URI 
With an URI, azurekms can be configured with client credentials,
and it can define a default vault and protection level.
 3 years ago
Mariano Cano e15b5faf7d Merge branch 'master' into keyvault 3 years ago
Mariano Cano d8720c3723 Update linkedca package. 3 years ago
Mariano Cano 48549bf317 Initialize windows terminal on all binaries. 3 years ago
Mariano Cano 6389100325 Add unit tests for azurekms. 3 years ago
Mariano Cano 392a18465f Add initial implementation of Azure Key Vault KMS. 
Fixes #462
 3 years ago
Mariano Cano ad82d8a250 Upgrade go.step.sm/crypto as long with go-jose.v2 
There was a typo in the OKP template causing bad fingerprints for
Ed25519 keys.

See a10ff54e00

Fixes #705
 3 years ago
Herman Slatman 73d0a11a20
Update github.com/micromdm/scep/v2 3 years ago
Herman Slatman 611859eec4
Update go.mozilla.org/pkcs7 
This includes the fix as described in https://github.com/mozilla-services/pkcs7/pull/59,
which was the reason a fork of the library was used.
 3 years ago
Mariano Cano 9e7a3cd897 Update go.step.sm/crypto 3 years ago
Mariano Cano 352acf8faa Upgrade golang.org/x/crypto 3 years ago
Mariano Cano 42fde8ba28
Merge branch 'master' into linkedca 3 years ago
max furman 2317bf183b Nosql and badger bump 3 years ago
max furman cc9bc9c84b Bump Badger 3 years ago
max furman f53f78974e Badger bump to fix issue with caddy build 3 years ago
Mariano Cano 456ffd8806 Use linkedca v0.5.0 3 years ago
Mariano Cano 28e882c9b3 Add deployment type to export. 3 years ago
Mariano Cano 798b90c359 Move linkedca configuration to the main package. 3 years ago
Mariano Cano de292fbed6 Use branch version of linkedca. 3 years ago
Mariano Cano dc1ec18b52 Create a way to export ca configurations. 3 years ago
Mariano Cano d0c1530f89 Remove replace of linkedca package. 3 years ago
Mariano Cano 4ad82a2f76 Check linkedca for revocation. 3 years ago
Mariano Cano 71f8019243 Store x509 and ssh certificates on linkedca if enabled. 3 years ago
Mariano Cano 17eef81c91 Remove linkerd replace. 3 years ago
Mariano Cano a72eab915b Use linkedca v0.1.0 3 years ago
Mariano Cano 8fb5340dc9 Use a token at start time to configure linkedca. 
Instead of using `step-ca login` we will use a new token provided
as a flag to configure and start linkedca. Certificates will be kept
in memory and refreshed automatically.
 3 years ago
Mariano Cano f7e09af9df Implement the login command. 
The login commands creates a new certificate for the linked ca.
This certificate will be used to sync data with the linkedca
endpoint.
 3 years ago
max furman 77fdfc9fa3 Merge branch 'master' into max/cert-mgr-crud 3 years ago
max furman 9fdef64709 Admin level API for provisioner mgmt v1 3 years ago
Mariano Cano 65dacc2795 Replace golint with revive 3 years ago
Mariano Cano 2a97389f1b Upgrade dependencies. 3 years ago
Mariano Cano 072bd0dcf4 Add support for Google CAS v1 3 years ago
Herman Slatman 66a67ed691 Update to v2.0.0 of github.com/micromdm/scep 3 years ago
Herman Slatman 75cd3ab0ac Change to a fixed fork of go.mozilla.org/pkcs7 
Hopefully this will be a temporary change until
the fix is merged in the upstream module.
 3 years ago
Herman Slatman 2a249d20de Refactor initialization of SCEP authority 3 years ago
Herman Slatman 48c86716a0 Add rudimentary (and incomplete) support for SCEP 3 years ago
Herman Slatman bc2bb53009
Merge branch 'master' into hs/scep 3 years ago
Mariano Cano f84c8f846a Upgrade x/crypto 
Although this does not affects us the old version had the vulnerability
CVE-2020-29652
 3 years ago
max furman b205f50412 bump crypto to 0.8.3 and go mod tidy 3 years ago
Herman Slatman c3d9cef497
Update to v2.0.0 of github.com/micromdm/scep 3 years ago
Herman Slatman c5e4ea08b3
Merge branch 'master' into hs/scep 3 years ago
Mariano Cano 561341a6f2 Update go.step.sm/crypto. 3 years ago
Herman Slatman efd5501aca
Merge branch 'master' into hs/scep 3 years ago
Mariano Cano d74f1fa55e Use cli-utils v0.2.0 3 years ago
Mariano Cano a1a7e38a49 Add support for cli-utils with powershell support. 3 years ago
Herman Slatman 9df5f513e7
Change to a fixed fork of go.mozilla.org/pkcs7 
Hopefully this will be a temporary change until
the fix is merged in the upstream module.
 3 years ago
Herman Slatman 7ad90d10b3
Refactor initialization of SCEP authority 3 years ago
Herman Slatman 9e43dc85d8
Merge branch 'master' into hs/scep-master 3 years ago
Mariano Cano 3eb24d7d01 Remove duplicated replace. 3 years ago
Herman Slatman ffdd58ea3c
Add rudimentary (and incomplete) support for SCEP 3 years ago
Mariano Cano f289d1ee1f Update to crypto11 v1.2.4 
This version now includes my changes to delete a certificate.
 3 years ago
Mariano Cano 4fbf7569fa Merge branch 'master' into pkcs11 3 years ago
Mariano Cano 1d47a7284d Upgrade nosql with a version of badger compatible with 32bits 3 years ago
Mariano Cano 6c0cf99b24 Upgrade nosql with a 32-bit version of badger. 3 years ago
Mariano Cano 8dca652bc7 Add support for PKCS #11 KMS. 
The implementation works with YubiHSM2. Unit tests are still pending.

Fixes #301
 3 years ago
Mariano Cano c61222de1d Upgrade nosql version. 
nosql has newer version of badgers v1 and v2.
 3 years ago
Derek Gaffney 8416bd633d Bump go-piv to v1.7.0 for x32 overflow fix 4 years ago
Mariano Cano 86c947babc Upgrade crypto and fix test. 4 years ago
Mariano Cano d6ea8b13ab Upgrade crypto. 
Related to #435
 4 years ago
Mariano Cano 921de7e07f Upgrade crypto to v0.7.1 
Add basic constraints extensions if defined.
 4 years ago
Mariano Cano 736a6fb64e Fix rebase. 4 years ago
Mariano Cano b275758018 Complete CloudCAS tests. 
Upgrade cloud.google.com/go
 4 years ago
Mariano Cano b2ae112dd2 Add initial tests for CreateCertificateAuthority. 4 years ago
Mariano Cano 461735718d Update go.step.sm/crypto dependency. 4 years ago
Mariano Cano 2b4b902975 Add initial support for `step ca init` with cloud cas. 
Fixes smallstep/cli#363
 4 years ago
Mariano Cano b79701202b Use cli-utils@v0.1.0 4 years ago
Mariano Cano 40d0596b71 Use smallstep/cli-utils instead of smallstep/cli 4 years ago
max furman 81a0df9e45 go mod tidy 4 years ago
max furman bf45e6ff16 Bump cli to v0.15.3 4 years ago
max furman 3f4d041082 bump cli to master 4 years ago
Mariano Cano 647b9b4541
Merge pull request #367 from smallstep/cas 
Support for CAS Interface and CloudCAS
 4 years ago
Mariano Cano 4c8bf87dc1 Use new admin template for K8ssa and admin-OIDC provisioners. 
This change replaces the .Insecure.CR template to one that sets
all the SANs, but uses key usages and extended key usages for
regular TLS certificates.
 4 years ago