Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,164 Commits
38 Branches
221 Tags
44 MiB
herman/pkcs7-windows-scep-fix
master
root-not-found-error-message
relative-paths-config
herman/wire-dpop-struct
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.26.2
v0.27.0
v0.27.1
v0.27.2
v0.27.3
v0.27.4
v0.27.4-rc1
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '6aaa7853b2'
${ noResults }
Commit Graph

2164 Commits (6aaa7853b28f6e225cecae93e82e6d73a3f9a085)
 

Author SHA1 Message Date
max furman 31ad7f2e9b [acme] Continued work on acme db interface (wip) 4 years ago
max furman 34859551ef Add new directory structure 4 years ago
max furman 088432150d Beginnings of acmeDB interface 4 years ago
Mariano Cano 5249ce794b
Merge pull request #516 from smallstep/ra-mode-improvements 
RA mode improvements
 4 years ago
Mariano Cano 84018ec71b Clarify comment. 4 years ago
Mariano Cano 8c8c160c92 Fix method name in comment. 4 years ago
Mariano Cano a9297100d8 Allow to configure the JWK using the encrypted key. 4 years ago
Mariano Cano e727532963 Fix wrong format of the first flag on `step-ca --help` 4 years ago
Mariano Cano bdeb0ccd7c Add support for the flag --issuer-password-file 
The new flag allows to pass a file with the password used to decrypt
the key used in RA mode.
 4 years ago
Mariano Cano 71f59de396
Merge pull request #510 from smallstep/ra-mode 
StepCAS.
 4 years ago
Mariano Cano d9f93ccfde Fix typo. 4 years ago
Mariano Cano edc7c4d90e Add support for password encrypted files 4 years ago
Mariano Cano 80542d6d9a Add JWK as an issuer for stepcas. 4 years ago
Mariano Cano 81428afa6f
Merge pull request #514 from gdbelvin/pin 
PKCS11 Init Pin Flag
 4 years ago
Gary Belvin 341966c30f Check pin flag 4 years ago
Carl Tashian 9146fe8055 Merge branch 'carl/sysd-update' 4 years ago
Gary Belvin 1ac838628a Add flag for setting the pin 4 years ago
Mariano Cano ce3e6bfdf6 Fix linting errors. 4 years ago
Mariano Cano 0b8528ce6b Allow mTLS revocation without provisioner. 4 years ago
Mariano Cano 96de4e6ec8 Return a non-implemented error in stepcas.RenewCertificate. 4 years ago
Mariano Cano 348815f4f6 Fix error message. 4 years ago
Herman Slatman 583d60dc0d
Address (most) PR comments 4 years ago
Herman Slatman a526065d0c
Merge branch 'master' into hs/scep 4 years ago
Mariano Cano e7a6c46e54 Fix linting errors. 4 years ago
Mariano Cano 08e75b614e Do not depend on Go 1.16. 4 years ago
Mariano Cano 6fd6270e7d Remove debug statements. 4 years ago
Mariano Cano 7958f6ebb5 Add support for lifetime. 4 years ago
Mariano Cano ae4b8f58b8 Add support for emails, ips and uris. 4 years ago
Mariano Cano 561341a6f2 Update go.step.sm/crypto. 4 years ago
Mariano Cano dbb48ecf8d Add tests for stepcas. 4 years ago
Mariano Cano bcf70206ac Add support for revocation using an extra provisioner in the RA. 4 years ago
Mariano Cano a6115e29c2 Add initial implementation of StepCAS. 
StepCAS allows to configure step-ca as an RA using another step-ca
as the main CA.
 4 years ago
Carl Tashian 9f0fce6df8 Quoting fix 4 years ago
Carl Tashian 2c09baf696 Two small systemd changes 
1. Don't halt the cert renewer service from ExecStartPost ops if a relying service doesn't exist; halt it if the relying service exists and doesn't restart properly.
2. Use /bin/env bash instead of /bin/bash for portability.
 4 years ago
max furman 3b9eed003d [action] set goreleaser config values back to default 4 years ago
max furman 6861202762 go.sum update 4 years ago
max furman 6d879affa4 [action] remove duplicate step in job 4 years ago
Carl Tashian 33bba8fcd5 Fix goreleaser indentation issue 4 years ago
Carl Tashian 7249f495a9
Merge pull request #503 from smallstep/carl/goreleaser-windows 
Add step-ca Windows build & Scoop release to goreleaser
 4 years ago
Herman Slatman a4844fee7b
Make tests green 4 years ago
Herman Slatman 99952080c7
Make tests not fail hard on ECDSA keys 
All tests for the Authority failed because the test data
contains ECDSA keys. ECDSA keys are no crypto.Decrypter,
resulting in a failure when instantiating the Authority.
 4 years ago
Herman Slatman e30084c9a8
Make linter happy 4 years ago
Herman Slatman 3e0dac3ab4
Fix certificateChain property 4 years ago
Herman Slatman e1cab4966f
Improve initialization of SCEP authority 4 years ago
Herman Slatman 8c5b12e21d
Add non-TLS server and improve crypto.Decrypter interface 
A server without TLS was added to serve the SCEP endpoints. According
to the RFC, SCEP has to be served via HTTP. The `sscep` client, for
example, will stop any URL that does not start with `http://` from
being used, so serving SCEP seems to be the right way to do it.

This commit adds a second server for which no TLS configuration is
configured. A distinct field in the configuration, `insecureAddress`
was added to specify the address for the insecure server.

The SCEP endpoints will also still be served via HTTPS. Some clients
may be able to work with that.

This commit also improves how the crypto.Decrypter interface is
handled for the different types of KMSes supported by step. The
apiv1.Decrypter interface was added. Currently only SoftKMS
implements this interface, providing a crypto.Decrypter required
for SCEP operations.
 4 years ago
Herman Slatman efd5501aca
Merge branch 'master' into hs/scep 4 years ago
Carl Tashian 192207d263 Add Windows build to goreleaser 4 years ago
Herman Slatman 538fe8114d
Fix linter issues 4 years ago
Herman Slatman cc1ecb9438
Store new certificates in database 4 years ago
Mariano Cano a98ea5f9cd
Merge pull request #502 from smallstep/windows-ui 
Add support for cli-utils with powershell support.
 4 years ago