1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-11-14 17:06:44 +00:00
Commit Graph

49 Commits

Author SHA1 Message Date
2b86a5c2c7 Grand unified snippets 2018-05-29 09:06:07 +00:00
ad1f9c2338 Several updates #5
* Better 'systemctl stop certidude' signal handling
* Add 502.json for better bad gateway error handling
* Generate UUID for .sswan and .mobileconfig files from service name
* More detailed token list view in admin interface
* Improved testcases
2018-05-17 09:00:13 +00:00
ce93fbb58b Several updates #4
* Improved offline install docs
* Migrated token mechanism backend to SQL
* Preliminary token mechanism frontend integration
* Add clock skew tolerance for OCSP
* Add 'ldap computer filter' support for Kerberized machine enroll
* Include OCSP and CRL URL-s in certificates, controlled by profile.conf
* Better certificate extension handling
* Place DH parameters file in /etc/ssl/dhparam.pem
* Always talk to CA over port 8443 for 'certidude enroll'
* Hardened frontend nginx config
* Separate log files for frontend nginx
* Better provisioning heuristics
* Add sample site.sh config for LEDE image builder
* Add more device profiles for LEDE image builder
* Various bugfixes and improvements
2018-05-15 07:45:29 +00:00
f4627b3bd6 Allow provisioning as subordinate CA and add offline install docs 2018-05-07 11:18:29 +00:00
59bedc1f16 Major refactor
* Migrate to Python 3
* Update token generator mechanism
* Switch to Bootstrap 4
* Switch from Iconmonstr to Font Awesome icons
* Rename default CA common name to "Certidude at ca.example.lan"
* Add self-enroll for the TLS server certificates
* TLS client auth for lease updating
* Compile assets from npm packages to /var/lib/certidude/ca.example.lan/assets
2017-12-30 14:00:19 +00:00
509f7bfaa8 Migrate from cryptography.io to oscrypto 2017-08-16 20:25:16 +00:00
1f1ca2c211 cli: Drop package management provided cryptography.io and falcon 2017-07-08 08:55:43 +00:00
5d48abe973 api: Preliminary OCSP support 2017-05-25 22:20:45 +03:00
649863a77e tests: Handle forking 2017-05-03 07:04:52 +00:00
d5edbe50c5 Token mechanism fixes 2017-04-24 20:33:55 +03:00
9658d8cc83 Fixes, add some screenshots 2017-04-22 22:48:29 +03:00
c5a0b34b0a Update README 2017-04-14 01:47:28 +03:00
02482e8d79 Migrate to python-gssapi 2017-04-13 14:33:40 +00:00
06010ceaf3 Refactor
* Remove PyOpenSSL based wrapper classes
* Remove unused API calls
* Add certificate renewal via X-Renewal-Signature header
* Remove (extended) key usage handling
* Clean up OpenVPN and nginx server setup code
* Use UDP port 51900 for OpenVPN by default
* Add basic auth fallback for iOS in addition to Android
* Reduce complexity
2017-03-13 11:42:58 +00:00
c979d73bec Fix typos for local time conversion 2017-01-30 06:27:12 +00:00
93abceb9bd Update README 2017-01-26 12:57:41 +02:00
4c69efbf87 Rely on nunjucks files provided by npm 2017-01-20 10:51:45 +00:00
86244d294b Reorder and reformat usecases 2016-09-18 19:06:10 +03:00
6f99c32c38 Describe usecases 2016-09-18 17:27:34 +03:00
b8cb12ecd8 Improve installation instructions 2016-09-18 14:33:13 +03:00
b4d006227a Refactor codebase
* Replace PyOpenSSL with cryptography.io
* Rename constants to const
* Drop support for uwsgi
* Use systemd to launch certidude server
* Signer automatically spawned as part of server
* Update requirements.txt
* Clean up certidude client configuration handling
* Add automatic enroll with Kerberos machine cerdentials
2016-09-18 00:00:14 +03:00
d2a259b887 Merge authority setup and production setup 2016-03-29 22:03:27 +03:00
3d32de8cad Documentation fixes and attempt to fix Travis 2016-03-28 00:00:41 +03:00
925bc0ef9a Refactor users, add OpenVPN and mailing support
* Add abstraction for user objects
* Mail authority admins about pending, revoked and signed certificates
* Add NetworkManager's OpenVPN plugin support
* Improve CRL support
* Refactor CSRF protection
* Update documentation
2016-03-27 23:38:14 +03:00
811e6dbb08 Complete overhaul
* Switch to Python 2.x due to lack of decent LDAP support in Python 3.x
* Add LDAP backend for authentication/authorization
* Add PAM backend for authentication
* Add getent backend for authorization
* Add preliminary CSRF protection
* Update icons
* Update push server documentation, use nchan from now on
* Add P12 bundle generation
* Add thin wrapper around Python's SQL connectors
* Enable mailing subsystem
* Add Kerberos TGT renewal cronjob
* Add HTTPS server setup commands for nginx
2016-03-21 23:42:39 +02:00
661e7608ef ui: Precompile nunjucks templates 2016-01-25 11:18:19 +02:00
704523626b Rename spawn commands 2016-01-15 11:18:27 +02:00
21c436ec88 Merge branch 'master' of https://github.com/laurivosandi/certidude
Conflicts:
	certidude/cli.py
2016-01-10 19:53:02 +02:00
de08ba759d Release version 0.1.20 2016-01-10 19:51:54 +02:00
67c6a49dff api: Use uwsgi provided socket for nginx 2016-01-02 01:05:48 +02:00
7f48476173 doc: Cleaned up nginx configration bits 2015-12-23 14:48:31 +00:00
fbbf7a320d Add preliminary support for logging
Current logging mechanism makes use of Python's logging module.
MySQL logging handler inserts log entries to MySQL server and
another logging handler is used to stream events to web interface
via nginx streaming push.
2015-12-13 15:11:22 +00:00
b788d701eb Refactor wrappers
Completely remove wrapper class for CA,
use certidude.authority module instead.
2015-12-12 22:39:17 +00:00
5876f61e15 Reverted nginx configuration example 2015-11-20 21:18:16 +01:00
f893582338 Major refactoring, CA is associated with it's hostname now 2015-11-15 15:55:26 +01:00
ffd6eccd80 Merge branch 'codecov' of https://github.com/plaes/certidude into plaes-codecov
Conflicts:
	certidude/api.py
2015-11-06 09:08:00 +02:00
3012d843a9 Enabled certificate publishing from command-line
Instead of defining environment variables for
push server URL-s the URL-s are now fetched
from openssl.cnf instead.
2015-10-26 21:52:48 +01:00
e6817b0c81 Added instructions for automating certificate management on Ubuntu 2015-10-17 20:42:59 +03:00
8caf917d75 Add travis and codecov status badges 2015-10-08 14:25:27 +03:00
4187b3064c Improved documentation about AD integration. 2015-09-01 20:25:20 +03:00
a3fd7edbfb Add kerberos to requirements 2015-08-28 05:55:28 +00:00
48541b7a08 Updated README 2015-08-22 23:19:30 +03:00
f92853bedb Added diagrams and improved docs 2015-08-16 18:09:06 +03:00
e2f27078d1 Added preliminary Kerberos authentication support 2015-08-16 17:21:42 +03:00
c5d27e8a76 Released 0.1.17 2015-08-13 11:11:08 +03:00
f24ef4024c Fixes 2015-07-27 18:49:50 +03:00
10a329c0fe Added uWSGI support and documentation 2015-07-27 15:30:50 +03:00
d024f778f8 Implemented essential functionality 2015-07-26 23:34:46 +03:00
0af381fc46 Initial commit 2015-07-12 22:22:10 +03:00