Commit Graph

21 Commits

Author SHA1 Message Date
Lauri Võsandi 6299d468c0 Packaging fixes 2018-05-17 20:18:19 +00:00
Lauri Võsandi 5565446b51 builder: masq flag is associated with zone, not interface 2018-05-17 13:20:07 +00:00
Lauri Võsandi ca0f919201 builder: Better keystore persistence 2018-05-17 13:14:59 +00:00
Lauri Võsandi 5272b3438a builder: Name firewall sections 2018-05-17 13:05:08 +00:00
Lauri Võsandi 2c1a649952 builder: Enable masquerade for vpn interface 2018-05-17 12:41:37 +00:00
Lauri Võsandi ce93fbb58b Several updates #4
* Improved offline install docs
* Migrated token mechanism backend to SQL
* Preliminary token mechanism frontend integration
* Add clock skew tolerance for OCSP
* Add 'ldap computer filter' support for Kerberized machine enroll
* Include OCSP and CRL URLs in certificates, controlled by profile.conf
* Better certificate extension handling
* Place DH parameters file in /etc/ssl/dhparam.pem
* Always talk to CA over port 8443 for 'certidude enroll'
* Hardened frontend nginx config
* Separate log files for frontend nginx
* Better provisioning heuristics
* Add sample site.sh config for LEDE image builder
* Add more device profiles for LEDE image builder
* Various bugfixes and improvements
2018-05-15 07:45:29 +00:00
Lauri Võsandi 4e4b551cc2 Several updates #2
* Reverse RDN components for all certs
* Less side effects in unittests
* Split help dialog shell snippets into separate files
* Restore 'admin subnets' config option
* Embedded subnets, IKE and ESP proposals now configurable in builder.conf
* Use expr instead of bc for math operations in shell
* Better frontend support for Let's Encrypt certificates
2018-05-02 08:11:01 +00:00
Lauri Võsandi 5e9251f365 Several updates
* Subnets configuration option for Kerberos machine enrollment
* Configurable script snippets via [service] configuration section
* Preliminary revocation reason support
* Improved signature profile support
* Add domain components to DN to distinguish certificate CN's namespace
* Image builder improvements, add Elliptic Curve support
* Added GetCACaps operation and more digest algorithms for SCEP
* Generate certificate and CRL serial from timestamp (64+32bits) and random bytes (56bits)
* Move client storage pool to /etc/certidude/authority/
* Cleanups & bugfixes
2018-04-27 07:48:15 +00:00
Lauri Võsandi 1bf3298a21 doc: Add GCM for LEDE instructions 2018-04-09 16:26:18 +03:00
Lauri Võsandi 3c27f333fd Cleaned up LEDE image builder scripts 2018-04-09 16:25:33 +03:00
Lauri Võsandi 577962e09b Several improvements
* Add EC support
* Make token form toggleable
* Make client certificates compatible with iOS native IKEv2
* Fix OU for self-enroll
* Improved sample scripts in web UI
2018-04-09 16:25:03 +03:00
Lauri Võsandi fba8f5d776 Integrate LEDE image builder 2018-01-03 22:17:35 +00:00
Lauri Võsandi 40d84918eb doc: Update Certidude screenshot 2017-12-31 23:55:14 +02:00
Lauri Võsandi 783bba3474 Add OpenWrt/LEDE integration guide 2017-08-09 16:18:32 +03:00
Lauri Võsandi dc67e46010 Add OpenWrt/LEDE integration script 2017-07-13 17:36:52 +03:00
Lauri Võsandi 9658d8cc83 Fixes, add some screenshots 2017-04-22 22:48:29 +03:00
Lauri Võsandi 06010ceaf3 Refactor
* Remove PyOpenSSL based wrapper classes
* Remove unused API calls
* Add certificate renewal via X-Renewal-Signature header
* Remove (extended) key usage handling
* Clean up OpenVPN and nginx server setup code
* Use UDP port 51900 for OpenVPN by default
* Add basic auth fallback for iOS in addition to Android
* Reduce complexity
2017-03-13 11:42:58 +00:00
Lauri Võsandi 9c80c7c2c3 Add OpenVPN client template 2017-01-30 16:36:22 +00:00
Lauri Võsandi ffdab4d36d Update strongSwan leftupdown script 2016-03-01 13:52:10 +02:00
Lauri Võsandi e6f050c257 Added preliminary interfacing with updown scripts 2015-11-13 23:20:51 +01:00
Lauri Võsandi f92853bedb Added diagrams and improved docs 2015-08-16 18:09:06 +03:00