1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-11-19 11:16:45 +00:00
Commit Graph

448 Commits

Author SHA1 Message Date
ca0f919201 builder: Better keystore persistence 2018-05-17 13:14:59 +00:00
5272b3438a builder: Name firewall sections 2018-05-17 13:05:08 +00:00
2c1a649952 builder: Enable masquerade for vpn interface 2018-05-17 12:41:37 +00:00
4f1e76935e Fix JavaScript packages installation 2018-05-17 09:40:36 +00:00
e41f284b0e Evaluate hostname after package installation for 'certidude setup authority' 2018-05-17 09:16:14 +00:00
ad1f9c2338 Several updates #5
* Better 'systemctl stop certidude' signal handling
* Add 502.json for better bad gateway error handling
* Generate UUID for .sswan and .mobileconfig files from service name
* More detailed token list view in admin interface
* Improved testcases
2018-05-17 09:00:13 +00:00
c6d117b9cf mailer: Better utf-8 handling 2018-05-16 14:39:51 +00:00
adff4a0a50 Add log message for failing lease update 2018-05-16 11:51:07 +00:00
5bda254c56 snippets: Use TLSv1.2 for Invoke-WebRequest 2018-05-15 14:16:30 +00:00
ce93fbb58b Several updates #4
* Improved offline install docs
* Migrated token mechanism backend to SQL
* Preliminary token mechanism frontend integration
* Add clock skew tolerance for OCSP
* Add 'ldap computer filter' support for Kerberized machine enroll
* Include OCSP and CRL URL-s in certificates, controlled by profile.conf
* Better certificate extension handling
* Place DH parameters file in /etc/ssl/dhparam.pem
* Always talk to CA over port 8443 for 'certidude enroll'
* Hardened frontend nginx config
* Separate log files for frontend nginx
* Better provisioning heuristics
* Add sample site.sh config for LEDE image builder
* Add more device profiles for LEDE image builder
* Various bugfixes and improvements
2018-05-15 07:45:29 +00:00
728a56a975 Add *~ to .gitignore to ignore Gedit temporary files 2018-05-07 11:19:04 +00:00
f4627b3bd6 Allow provisioning as subordinate CA and add offline install docs 2018-05-07 11:18:29 +00:00
c01cd279c3 authoriy: Fix revoked certificate filenames 2018-05-07 07:44:20 +00:00
bfdd8c4887 Several updates #3
* Move SessionResource and CertificateAuthorityResource to api/session.py
* Log browser user agent for logins
* Remove static sink from backend, nginx always serves static now
* Don't emit 'attribute-update' event if no attributes were changed
* Better CN extraction from DN during lease update
* Log user who deleted request
* Remove long polling CRL fetch API call and relevant test
* Merge auth decorators ldap_authenticate, kerberos_authenticate, pam_authenticate
* Add 'kerberos subnets' to distinguish authentication method
* Add 'admin subnets' to filter traffic to administrative API calls
* Highlight recent log events
* Links to switch between 2, 3 and 4 column layouts in the dashboard
* Restored certidude client snippets in request dialog
* Various bugfixes, improved log messages
2018-05-04 08:55:49 +00:00
4348458d30 cli: Add support for /etc/certidude/{client.conf.d,services.conf.d} 2018-05-04 09:55:01 +03:00
root
77c6fc0881 Fix command ordering for provisioning 2018-05-02 08:25:23 +00:00
4e4b551cc2 Several updates #2
* Reverse RDN components for all certs
* Less side effects in unittests
* Split help dialog shell snippets into separate files
* Restore 'admin subnets' config option
* Embedded subnets, IKE and ESP proposals now configurable in builder.conf
* Use expr instead of bc for math operations in shell
* Better frontend support for Let's Encrypt certificates
2018-05-02 08:11:01 +00:00
5e9251f365 Several updates
* Subnets configuration option for Kerberos machine enrollment
* Configurable script snippets via [service] configuration section
* Preliminary revocation reason support
* Improved signature profile support
* Add domain components to DN to distinguish certificate CN's namespace
* Image builder improvements, add Elliptic Curve support
* Added GetCACaps operation and more digest algorithms for SCEP
* Generate certificate and CRL serial from timestamp (64+32bits) and random bytes (56bits)
* Move client storage pool to /etc/certidude/authority/
* Cleanups & bugfixes
2018-04-27 07:48:15 +00:00
94e5f72566 Migrate signature profiles to separate config file 2018-04-16 12:13:54 +00:00
b9aaec7fa6 Migrate renewal to mutually authenticated TLS connection 2018-04-15 19:27:47 +00:00
1493c0f4a0 api: Check keypair algorithm compatbility during request submission 2018-04-13 13:11:48 +00:00
d7df17dc2c Install 'attr' for authority and disable interactive dialogs for apt 2018-04-13 12:42:54 +00:00
501493ff12 ui: Improved snippets, toggle visibility for OCSP and CRL snippets 2018-04-13 09:53:51 +00:00
a0e263385b Fix certificate serial numbering 2018-04-13 07:57:49 +00:00
ffd1281b83 ocsp: Add EC support 2018-04-13 07:56:05 +00:00
6150add67f tests: Output stdout/stderr 2018-04-10 19:03:15 +03:00
a790df593e tests: Fix package install/import ordering issues 2018-04-10 10:05:08 +00:00
dbbcec6d64 tests: Fix several issues with signature profiles 2018-04-10 09:29:05 +00:00
360f22ab13 tests: Disable NPM's HTTP for Travis, due to old ca-certificates package 2018-04-10 09:28:56 +00:00
d911e5da33 config: Add 'mail suffix' for POSIX accounts to derive e-mail 2018-04-10 09:28:47 +00:00
1bf3298a21 doc: Add GCM for LEDE instructions 2018-04-09 16:26:18 +03:00
17dd3e95b2 Add jinja2 as dependency 2018-04-09 16:25:51 +03:00
27ded33cc6 Open token URL in a new window/tab 2018-04-09 16:25:39 +03:00
3c27f333fd Cleaned up LEDE image builder scripts 2018-04-09 16:25:33 +03:00
577962e09b Several improvements
* Add EC support
* Make token form toggleable
* Make client certificates compatible with iOS native IKEv2
* Fix OU for self-enroll
* Improved sample scripts in web UI
2018-04-09 16:25:03 +03:00
9c6872a949 cli: Add $HOSTNAME option for common name config option of client 2018-03-22 11:15:11 +02:00
1c49626f50 Sevral bugfixes 2018-03-03 13:54:31 +00:00
a46ffcba35 Add PowerShell script for requesting certificates 2018-03-03 11:37:43 +00:00
a1f7b5fca5
Merge pull request #40 from plaes/authority-rework
Authority refactor
2018-02-03 17:13:44 +02:00
5519f63c0c travis: Use sudo -H when calling pip 2018-02-03 14:58:29 +02:00
61de861702 travis: Use suggested syntax for caching pip data 2018-02-03 14:58:29 +02:00
7b6175ab37 api.utils.firewall: Drop click usage and remove unneeded imports 2018-02-03 14:43:43 +02:00
2f0569abb4 Move certidude.firewall to api.utils.firewall where it belongs 2018-02-03 14:43:43 +02:00
2eb93e6698 api: scep: Drop unused imports 2018-02-03 14:05:02 +02:00
5439d5560a api: request: Drop unused imports 2018-02-03 14:05:02 +02:00
167d0cbdfd api: ocsp: Drop unused imports 2018-02-03 14:05:02 +02:00
8626d78b5c api: ocsp: Fix logger 2018-02-03 14:05:02 +02:00
f6c0e1ae85 api: __init__: Drop unused imports and fix broken import 2018-02-03 14:05:02 +02:00
d476998c9e api: log: Drop unused imports 2018-02-03 14:05:02 +02:00
912f5766e4 api: lease: Drop unused imports 2018-02-03 14:05:02 +02:00