lauri
/
certidude
mirror of https://github.com/laurivosandi/certidude
1
0
Fork 0
Code Issues Activity
443 Commits 2 Branches 0 Tags 18 MiB
Commit Graph

13 Commits

Author SHA1 Message Date
Lauri Võsandi ce93fbb58b Several updates #4 
* Improved offline install docs
* Migrated token mechanism backend to SQL
* Preliminary token mechanism frontend integration
* Add clock skew tolerance for OCSP
* Add 'ldap computer filter' support for Kerberized machine enroll
* Include OCSP and CRL URL-s in certificates, controlled by profile.conf
* Better certificate extension handling
* Place DH parameters file in /etc/ssl/dhparam.pem
* Always talk to CA over port 8443 for 'certidude enroll'
* Hardened frontend nginx config
* Separate log files for frontend nginx
* Better provisioning heuristics
* Add sample site.sh config for LEDE image builder
* Add more device profiles for LEDE image builder
* Various bugfixes and improvements
 2018-05-15 07:45:29 +00:00
Lauri Võsandi 59bedc1f16 Major refactor 
* Migrate to Python 3
* Update token generator mechanism
* Switch to Bootstrap 4
* Switch from Iconmonstr to Font Awesome icons
* Rename default CA common name to "Certidude at ca.example.lan"
* Add self-enroll for the TLS server certificates
* TLS client auth for lease updating
* Compile assets from npm packages to /var/lib/certidude/ca.example.lan/assets
 2017-12-30 14:00:19 +00:00
Lauri Võsandi 9b5511212e Several changes 
* OCSP workaround for StrongSwan
* Machine attributes framework
* Scripting support
* Default to nginx frontend
 2017-07-05 18:22:03 +03:00
Lauri Võsandi 06010ceaf3 Refactor 
* Remove PyOpenSSL based wrapper classes
* Remove unused API calls
* Add certificate renewal via X-Renewal-Signature header
* Remove (extended) key usage handling
* Clean up OpenVPN and nginx server setup code
* Use UDP port 51900 for OpenVPN by default
* Add basic auth fallback for iOS in addition to Android
* Reduce complexity
 2017-03-13 11:42:58 +00:00
Lauri Võsandi fab52dca76 Add request submission from web interface 2016-09-18 16:25:52 +03:00
Lauri Võsandi 811e6dbb08 Complete overhaul 
* Switch to Python 2.x due to lack of decent LDAP support in Python 3.x
* Add LDAP backend for authentication/authorization
* Add PAM backend for authentication
* Add getent backend for authorization
* Add preliminary CSRF protection
* Update icons
* Update push server documentation, use nchan from now on
* Add P12 bundle generation
* Add thin wrapper around Python's SQL connectors
* Enable mailing subsystem
* Add Kerberos TGT renewal cronjob
* Add HTTPS server setup commands for nginx
 2016-03-21 23:42:39 +02:00
Lauri Võsandi de08ba759d Release version 0.1.20 2016-01-10 19:51:54 +02:00
Lauri Võsandi af4d50db17 ui: Added product serial tag 2015-12-23 11:46:27 +00:00
Lauri Võsandi da6600e2e9 api: Added signed certificate tagging mechanism 2015-12-16 17:41:49 +00:00
Lauri Võsandi fbbf7a320d Add preliminary support for logging 
Current logging mechanism makes use of Python's logging module.
MySQL logging handler inserts log entries to MySQL server and
another logging handler is used to stream events to web interface
via nginx streaming push.
 2015-12-13 15:11:22 +00:00
Lauri Võsandi f893582338 Major refactoring, CA is associated with it's hostname now 2015-11-15 15:55:26 +01:00
Lauri Võsandi e6f050c257 Added preliminary interfacing with updown scripts 2015-11-13 23:20:51 +01:00
Lauri Võsandi 4eb0cceacc api: Preliminary API-fication of user interface 2015-11-11 20:12:04 +01:00