lauri
/
certidude
mirror of https://github.com/laurivosandi/certidude
1
0
Fork 0
Code Issues Activity
461 Commits 2 Branches 0 Tags 18 MiB
Commit Graph

14 Commits

Author SHA1 Message Date
Lauri Võsandi 14b5761a36 Refactor cronjobs 2018-05-24 07:27:52 +00:00
Lauri Võsandi ce93fbb58b Several updates #4 
* Improved offline install docs
* Migrated token mechanism backend to SQL
* Preliminary token mechanism frontend integration
* Add clock skew tolerance for OCSP
* Add 'ldap computer filter' support for Kerberized machine enroll
* Include OCSP and CRL URL-s in certificates, controlled by profile.conf
* Better certificate extension handling
* Place DH parameters file in /etc/ssl/dhparam.pem
* Always talk to CA over port 8443 for 'certidude enroll'
* Hardened frontend nginx config
* Separate log files for frontend nginx
* Better provisioning heuristics
* Add sample site.sh config for LEDE image builder
* Add more device profiles for LEDE image builder
* Various bugfixes and improvements
 2018-05-15 07:45:29 +00:00
Lauri Võsandi 27ded33cc6 Open token URL in a new window/tab 2018-04-09 16:25:39 +03:00
Lauri Võsandi 59bedc1f16 Major refactor 
* Migrate to Python 3
* Update token generator mechanism
* Switch to Bootstrap 4
* Switch from Iconmonstr to Font Awesome icons
* Rename default CA common name to "Certidude at ca.example.lan"
* Add self-enroll for the TLS server certificates
* TLS client auth for lease updating
* Compile assets from npm packages to /var/lib/certidude/ca.example.lan/assets
 2017-12-30 14:00:19 +00:00
Lauri Võsandi 509f7bfaa8 Migrate from cryptography.io to oscrypto 2017-08-16 20:25:16 +00:00
Lauri Võsandi 189c604832 tests: Better code coverage 2017-05-03 21:04:34 +00:00
Lauri Võsandi 9aab212647 Add tests for token mechanism 2017-04-26 09:13:41 +03:00
Lauri Võsandi 9658d8cc83 Fixes, add some screenshots 2017-04-22 22:48:29 +03:00
Lauri Võsandi 029ee357fb Token mechanism fixes: 
* Save token secret to config
* OpenVPN profile fixes for Ubuntu 16.04
* Raise correct exceptions for invalid tokens
* Display token expiration time in local time
 2017-04-22 14:10:54 +03:00
Lauri Võsandi 0344141faf Add token based auth for profiles 2017-04-21 21:22:08 +00:00
Lauri Võsandi 9a793088c6 Use local MTA for sending e-mail 2017-04-21 16:58:01 +00:00
Lauri Võsandi 06010ceaf3 Refactor 
* Remove PyOpenSSL based wrapper classes
* Remove unused API calls
* Add certificate renewal via X-Renewal-Signature header
* Remove (extended) key usage handling
* Clean up OpenVPN and nginx server setup code
* Use UDP port 51900 for OpenVPN by default
* Add basic auth fallback for iOS in addition to Android
* Reduce complexity
 2017-03-13 11:42:58 +00:00
Lauri Võsandi 925bc0ef9a Refactor users, add OpenVPN and mailing support 
* Add abstraction for user objects
* Mail authority admins about pending, revoked and signed certificates
* Add NetworkManager's OpenVPN plugin support
* Improve CRL support
* Refactor CSRF protection
* Update documentation
 2016-03-27 23:38:14 +03:00
Lauri Võsandi 811e6dbb08 Complete overhaul 
* Switch to Python 2.x due to lack of decent LDAP support in Python 3.x
* Add LDAP backend for authentication/authorization
* Add PAM backend for authentication
* Add getent backend for authorization
* Add preliminary CSRF protection
* Update icons
* Update push server documentation, use nchan from now on
* Add P12 bundle generation
* Add thin wrapper around Python's SQL connectors
* Enable mailing subsystem
* Add Kerberos TGT renewal cronjob
* Add HTTPS server setup commands for nginx
 2016-03-21 23:42:39 +02:00