Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,234 Commits
37 Branches
218 Tags
44 MiB
master
root-not-found-error-message
relative-paths-config
herman/wire-dpop-struct
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.26.2
v0.27.0
v0.27.1
v0.27.2
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '886b9a1d8d'
${ noResults }
Commit Graph

2234 Commits (886b9a1d8db24970c5b0ca0a386229579785d4af)
 

Author SHA1 Message Date
Carl Tashian f738cb43c3 Make the default provisioner name optional; change DNS names variable name 3 years ago
Carl Tashian 7f2516f33d
Merge pull request #678 from smallstep/docker-init 
New Dockerfile with entrypoint script for easy CA init
 3 years ago
Carl Tashian 4e8e4c638e Add newline to password file for readabiliy 3 years ago
max furman f53f78974e Badger bump to fix issue with caddy build 3 years ago
Carl Tashian bc63829111 Auto-generate password by default 3 years ago
Carl Tashian 7ab26c8303 Auto-generate password by default 3 years ago
Mariano Cano 33b6d4c3c8
Merge pull request #677 from smallstep/go1.17 
Go 1.17 compatibility
 3 years ago
Carl Tashian b88b2f9808 Just adding a comment to the step-ra install script 3 years ago
Carl Tashian 8d52379771 New Dockerfile with entrypoint script for easy CA init 3 years ago
Mariano Cano dc5205cc72 Extract the tls error code and fail accordingly. 3 years ago
Mariano Cano ae58a0ee4e Make tests compatible with Go 1.17. 
With Go 1.17 tls.Dial will fail if the client and server configured
protocols do not overlap. See https://golang.org/doc/go1.17#ALPN
 3 years ago
Mariano Cano abd78e2d2a Make kms uri compatible with Go 1.17. 
Go 1.17 introduces a change in the net/url package disallowing the
use of semicolon (;) in URL queries. We used url.ParseQuery to
decode the opaque string that is semicolon separated. This change
replaces the semicolon with ampersands before decoding it.
 3 years ago
Mariano Cano a864f0134d Fix key version when SHA512WithRSA is used. 
There was a typo creating RSA keys with SHA256 digests instead of
SHA512
 3 years ago
Mariano Cano b1f59586ab Update message to align with UI. 3 years ago
Mariano Cano e3ef4a7da9 Update test with default tls options. 3 years ago
Mariano Cano da2802504b Use Default min version if not specified. 3 years ago
Mariano Cano 456ffd8806 Use linkedca v0.5.0 3 years ago
Mariano Cano 6a7ea71f19
Merge pull request #672 from smallstep/azure-tofu 
Allow the reuse of azure tokens if DisableTrustOnFirstUse is true
 3 years ago
Mariano Cano d4ae267add Fix ErrAllowTokenReuse comment. 3 years ago
Mariano Cano 9e5762fe06 Allow the reuse of azure token if DisableTrustOnFirstUse is true 
Azure caches tokens for 24h and we cannot issue a new certificate
for the same instance in that period of time.

The meaning of this parameter is to allow the signing of multiple
certificate in one instance. This is possible in GCP, because we
get a new token, and is possible in AWS because we can generate
a new one. On Azure there was no other way to do it unless you
wait for 24h.

Fixes #656
 3 years ago
Mariano Cano 66f6c73655 Update badger driver to use v2 by default. 3 years ago
Mariano Cano 492ff4b632 Ask for the first provisioner password if none is provided. 3 years ago
Mariano Cano 28e882c9b3 Add deployment type to export. 3 years ago
Mariano Cano 072ba4227c Add deployment type to config. 
This field is ignored except for the start of the ca. If the type
is linked and the token is not passed, it will fail with an error.
 3 years ago
Mariano Cano 56bb3eb6e1 Add next steps for linked ca. 3 years ago
Mariano Cano 47a30f1524 Add JWK provisioner to generic config. 
Fix linter errors.
 3 years ago
Mariano Cano 536536c92d Wrap json errors. 3 years ago
Mariano Cano 640f523150 Remove unused function. 3 years ago
Mariano Cano 9d51c2cceb Fix linter errors in the name of export methods. 3 years ago
Mariano Cano 16d3afb92a Remove unused method. 3 years ago
Mariano Cano d72fa953ac Remove debug statements. 3 years ago
Mariano Cano 3f07eb597a Implement revocation using linkedca. 3 years ago
Mariano Cano 81004ce1f9 Remove deprecated functions. 3 years ago
Mariano Cano f643af7095 Update onboarding flow with new pki package. 3 years ago
Mariano Cano 79cf059447 Remove deprecated methods and write all pki files at once. 3 years ago
Mariano Cano ad4dbd6764 Write all files on save. 3 years ago
Mariano Cano 50f7a0d0c0 Work in progress implementation of PKI with helm support 3 years ago
Mariano Cano 798b90c359 Move linkedca configuration to the main package. 3 years ago
Mariano Cano de719eb6f0 Add an option to avoid password prompts on step cas 
When we are using `step ca init` to create a stepcas RA we don't
have access to the password for verify the provisioner.
 3 years ago
Mariano Cano de292fbed6 Use branch version of linkedca. 3 years ago
Mariano Cano 721459210e Make pki initialization more flexible. 3 years ago
Mariano Cano 384be6e205 Do not show provisioners if they are not required. 
For deployment types like linked ca, the list of provisioners in
the ca.json are not required, so we should tag the json as omitempty.
 3 years ago
Mariano Cano b0e0f2b89d Use linkedca GetAdmin and GetProvisioner. 3 years ago
Mariano Cano 91a369f618 Automatically enable admin properly on linked cas. 3 years ago
Mariano Cano 26122a2cbf Enable admin automatically if a token is provided. 3 years ago
Carl Tashian 9572c62520
Merge pull request #657 from smallstep/ra-installer 
RA install script
 3 years ago
Mariano Cano 5344f42f21 Allow to use the environment variable STEP_CA_TOKEN 
For helm charts we want to store the tokens in a secret and load
it from an environment variable.
 3 years ago
Mariano Cano 2620c38aee Add is converting provisioners to linkedca. 
The ids are required to be able to link admins with provisioners.
 3 years ago
Mariano Cano e62d7988b8 Do not store password on exports. 3 years ago
Mariano Cano ac363d7824 Add --password-file and --issuer-password-file flags to export. 3 years ago