Commit Graph

87 Commits (master)

Author SHA1 Message Date
Mariano Cano 725a913f66
Allow custom SCEP key manager
This commit allows injecting a custom key manager for SCEP.
1 month ago
Mariano Cano 10f6a901ec
Let the CA determine the RA lifetime
When the RA mode with StepCAS is used, let the CA decide which lifetime
the RA should get instead of requiring always 24h.

This commit also fixes linter warnings.

Related to #1094
2 months ago
Mariano Cano b20af51f32
Upgrade go.step.sm/crypto to use go-jose/v3 5 months ago
Mariano Cano 52baf52f84
Change scep password type to string
This commit changes the type of the decrypter key password to string to
be consistent with other passwords in the ca.json
8 months ago
Herman Slatman 4fd4227b73
Use shorter SCEP decrypter property names from linkedca 8 months ago
Herman Slatman 5fd70af2c8
Make API responses aware of the new SCEP decrypter properties 8 months ago
Herman Slatman d9f56cdbdc
Merge branch 'master' into herman/scep-provisioner-decrypter 8 months ago
Herman Slatman 9d3b78ae49
Add `excludeIntermediate` to SCEP provisioner 8 months ago
Max e22166c628
provisionerOptionsToLinkedCA missing template and templateData (#1520) 9 months ago
Herman Slatman 569a1be12c
Merge branch 'master' into herman/scep-provisioner-decrypter 10 months ago
Mariano Cano c7c7decd5e
Add support for the disableSmallstepExtensions claim
This commit adds a new claim to exclude the Smallstep provisioner
extension from the generated certificates.

Fixes #620
10 months ago
Herman Slatman 567fc25404
Use the RSA decryption configuration for signing responses too 10 months ago
Herman Slatman 180162bd6a
Refactor SCEP provisioner and decrypter 12 months ago
Herman Slatman 0153ff4377
Remove superfluous `GetChallengePassword` 1 year ago
Herman Slatman c169defc73
Merge pull request #1136 from smallstep/herman/ignore-empty-acme-meta 2 years ago
Herman Slatman 920c4f02c5
Add additional properties to provisioner converters 2 years ago
Mariano Cano c7f226bcec
Add support for renew when using stepcas
It supports renewing X.509 certificates when an RA is configured with stepcas.
This will only work when the renewal uses a token, and it won't work with mTLS.

The audience cannot be properly verified when an RA is used, to avoid this we
will get from the database if an RA was used to issue the initial certificate
and we will accept the renew token.

Fixes #1021 for stepcas
2 years ago
Mariano Cano bd1938b0da
Add support for storing or sending attestation data to linkedca 2 years ago
Andrew Reed 7101fbb0ee
Provisioner webhooks (#1001) 2 years ago
Mariano Cano 906c5067b9
Include attestation roots on provisioner converters 2 years ago
max furman f3d1863ec6
A few more linter errors 2 years ago
Mariano Cano f0a24bd8ca
Add acme property to enable challenges
Fixes #1027
2 years ago
max furman ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors 2 years ago
Mariano Cano bb0210e875 Fix typo in linkedca variable 2 years ago
Mariano Cano 66407139e5 Add methods to convert attestation formats 2 years ago
Mariano Cano 59c5219a07 Use a type for acme challenges 2 years ago
Mariano Cano f1c63bc38d Fix challenge mapping 2 years ago
Mariano Cano bca311b05e Add acme property to enable challenges
Fixes #1027
2 years ago
Max f8148071fb
Merge pull request #915 from smallstep/max/removing-beta
exposing authority configuration for provisioner cli commands
2 years ago
Herman Slatman c695b23e24
Fix check for admin not belonging to policy 2 years ago
max furman 25b8d196d8 Couple changes in response to PR
- add skipInit option to skip authority initialization
- check admin API status when removing provisioners - no need to check
  admins when not using Admin API
2 years ago
Herman Slatman 60d8b22d89
Change context retrievers to MustTFromContext 2 years ago
max furman b91affdd34 exposing authority configuration for provisioner cli commands 2 years ago
Herman Slatman a2cfbe3d54
Fix (part of) PR comments 2 years ago
Herman Slatman abcad679ff
Merge branch 'master' into herman/allow-deny 2 years ago
Herman Slatman d6be9450be
Merge branch 'master' into herman/allow-deny 2 years ago
Mariano Cano d3b6bc3c75 Merge branch 'master' into fix/adminra 2 years ago
Mariano Cano 674dc3c844 Rename unreleased claim to allowRenewalAfterExpiry for consistency. 2 years ago
Mariano Cano 00cd0f5f21
Apply suggestions from code review
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
2 years ago
Mariano Cano 1d1e095447 Add tests for LoadProvisionerByCertificate. 2 years ago
Mariano Cano dfdc9c06ed Fix linter error importShadow 2 years ago
Mariano Cano c55b27a2fc Refactor admin token to use with RAs. 2 years ago
Mariano Cano db337debcd Load provisioner from the database instead of the extension. 2 years ago
Mariano Cano df8ffb35af Remove unnecessary database in provisioner config. 2 years ago
Herman Slatman 96f4c49b0c
Improve how policy errors are returned and used 2 years ago
Herman Slatman dc23fd23bf
Merge branch 'master' into herman/allow-deny-next 2 years ago
Herman Slatman 81b0c6c37c
Add API implementation for authority and provisioner policy 2 years ago
Mariano Cano c903f00cd4 Rename claim to allowRenewAfterExpiry. 2 years ago
Mariano Cano 79349b4d7c Add options to use custom renewal methods. 2 years ago
Mariano Cano 6f46cdb432
Merge pull request #829 from vijayjt/new-azure-token-authz-options
Add subscription and object ID validation options to Azure provisioner
2 years ago