Commit Graph

53 Commits

Author SHA1 Message Date
Rudolf Mayerhofer ef81ea62d1 Unify key_algorithm handling for elliptic curves (change naming to ECC but stay backwards compatible) 2023-07-12 16:10:21 +02:00
Kishi85 2d230e30d9 Clarify expected authority format (at least for v2) and add an example 2021-10-31 09:57:31 +01:00
Kishi85 460b0119ac configuration: Simplify too complex IDNA conversion 2021-09-13 09:00:59 +02:00
David Klaftenegger e2f7b09b18 certs already contain idna domain names
The idna_convert call here does nothing: when reading a certificate, it
already contains idna domain names. Converting them to idna is
equivalent to the identity function, and can thus be removed.
2021-05-30 16:21:54 +02:00
Kishi85 b37d0cad94 acertmgr: Add an OCSP validation to certificate verification 2020-03-04 14:50:05 +01:00
Kishi85 6e52dd41b0 docs: Update README 2019-05-06 21:24:35 +02:00
Kishi85 6a07ab1188 tools/configuration: Add support for EC/Ed25519/Ed448 generation 2019-04-19 15:29:44 +02:00
Kishi85 4f0fe2c74a tools: Add support for Ed25519 and Ed448 account keys
Add support for Ed25519 and Ed448 account keys in addition
to already supported algorithms
2019-04-16 19:12:25 +02:00
Kishi85 4df74d67d5 tools: add support for EC account keys
Allows usage of pre-generated EC account keys (P-256, P-384, P-521)
in addition to already supported RSA keys.
2019-04-16 19:12:05 +02:00
Kishi85 1f5ef9322b tools: remove six dependency
Always decode string if the function is available, assume normal string
otherwise
2019-04-07 15:31:07 +02:00
Kishi85 89be66dc87 acertmgr: implement deployment error handling
Remove the long-standing todo from cert_put and implement useful
error handling and defaults for certificate deployment. Also do
a separate try/except for each deployed file on every single
certificate.
2019-04-07 15:31:07 +02:00
Kishi85 b86d8b6e0a setup: update dependencies and requirements 2019-04-07 15:31:07 +02:00
Kishi85 47e3312aad dns: Add additional TXT record verifications to reduce wait time
This may also be used to guarantee a correct TXT record lookup by setting
dns_verify_all_ns=true, a dns_verify_failtime < dns_verify_waittime and
a high enough value of dns_verify_failtime (like 300 seconds)
2019-04-04 13:39:34 +02:00
Kishi85 1aae651d98 modes: unify and optimize challenge handler workflow
- Remove wait times returned by create_challenge
- Remove wait loops from authorities
- Add the wait for valid DNS TXT records in the abstract
  DNSChallengeHandler start_challenge function.
- Move challenge verification to start_challenge in general
2019-04-04 13:39:34 +02:00
Kishi85 54cb334600 acertmgr: add support for the ocsp must-staple extension
Introduces a new config directive and requires at least cryptography 2.1
2019-04-04 13:39:05 +02:00
Kishi85 fa3fc196f3 configuration: unify how ca_file and ca_static are determined
ensure legacy compatibility (also include defaults case) and update README.md
2019-03-28 13:41:27 +01:00
Kishi85 45ccb6b0d6 docs: update readme with new command-line parameters 2019-03-28 11:13:54 +01:00
Kishi85 f01140e89b acertmgr: Add option to supersede previous cert on renewal
Add option to automatically revoke the previous certificate with reason
superseded after deployment and all actions have been successful.
2019-03-28 09:48:54 +01:00
Kishi85 44aeda6915 webdir: add config option for verification 2019-03-27 14:22:16 +01:00
Kishi85 ff3a57eaff standalone: remove dependency to webdir and add ipv6 support
- Serve the challenge authorizations from in-memory instead of files
- Try to establish a dual-stack IPv6 HTTPServer before falling back
2019-03-27 14:22:09 +01:00
Kishi85 8cfcdf9385 docs: update and refine readme 2019-03-27 13:29:41 +01:00
Kishi85 68d4d19f5f docs: Update documentation and README 2019-03-25 18:25:06 +01:00
Markus 2ed50e032d README: sync with docs 2019-03-22 10:23:21 +01:00
Markus d5eba22ad8 docs: clarify (also: Python 3.4 has reached EoL) 2019-03-22 09:52:02 +01:00
Markus 92337436bc docs: cleanup whitespace and remove "---" from json examples 2019-03-21 22:25:08 +01:00
Kishi85 17dfaa08f0 configuration: Translate unicode names to IDNA (fixes #24) 2019-03-21 18:43:41 +01:00
Kishi85 316ecdba2e configuration: Force user to agree to the authorities Terms of Service
Authorities (e.g. Let's Encrypt) usually have Terms of Service (ToS)
that have to be agreed to. Up until this point we automatically
indicated agreement to those ToS and sent the necessary value.

This commit changes the behaviour to be in line with recommendations
from Let's Encrypt that the user themselves have to indicate their
agreement by no longer automatically doing so (except for cases of
legacy configuration files to provide compatibility).

The user can now indicate ToS agreement by either setting the associated
configuration variable (authority_tos_agreement) to the required value
and/or providing the required value via a command-line parameter
(--authority-tos-agreement=<value>/--tos-agreement=<value>/--tos=<value>)
2019-03-20 15:31:53 +01:00
Kishi85 784badf54b docs: Update examples and README for ACMEv2 API and other changes 2019-03-20 15:31:53 +01:00
Markus 567b1feb4b README: fix whitespace 2019-02-22 11:09:33 +01:00
Kishi85 67c83d8fce configuration: cleanup handling+defaults and add commandline options
This adds a few basic command line parameters to allow further
customization of the configuration locations, as well as defining new
default locations for the acertmgr config files and updating the parser
with missing values, so that the config dictionary provided to the
acertmgr process after parsing is complete and no cross reference to the
configuration module is necessary. The parser error handling is also
improved.
2019-02-20 12:03:40 +01:00
Kishi85 02036f5617 Update README 2019-01-22 16:03:08 +01:00
Ralf Ramsauer 35d9d39b26 Make key location dynamic
Besides the fact that this removes redundant code, a hard-coded file
location is generally not a good idea

Also adapt README.md and provide a default location for key files.

Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2016-04-15 12:49:33 +02:00
Markus f6f3180617 Improve and clean up the documentation 2016-04-14 18:52:40 +02:00
Ralf Ramsauer b3db2029e0 Readme: Add hint for proper permission setting of keys
openssl genrsa > foo will allow group and world read. Add a hint that
these permissions should be adjusted.

Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2016-04-12 11:55:06 +02:00
David Klaftenegger 2dbae6673a Make it a configuration option which ACME authority is used 2016-04-12 11:54:37 +02:00
Markus a8205c47cb Improve documentation 2016-04-12 11:54:15 +02:00
David Klaftenegger db0afbf0b7 Add example for multiple domain names per certificate
The first name will be the Common Name.
All names will be listed as subject alternate names.
2016-04-12 11:54:03 +02:00
David Klaftenegger 5ff9f60cdb Documentation: add more examples 2016-04-12 11:53:58 +02:00
David Klaftenegger 625ae67f47 Documentation changes
acme-tiny is no longer required
ca-file needs to be downloaded

minor fixes of inaccuracies
2016-04-12 11:53:53 +02:00
David Klaftenegger 661115a508 replace acme-tiny
using a pyopenssl implementation of the same functionality instead
2016-04-12 11:53:32 +02:00
Markus 23b70c798c New format: ca to be able to create cert-chains. 2016-04-12 11:52:23 +02:00
Markus 2500b044f1 Rename notify to action and execute them only once. 2016-04-12 11:52:12 +02:00
David Klaftenegger d7ea460ce6 Initial setup documentation
Adds a section for the initial motions required to get acertmgr running
2016-04-12 11:51:48 +02:00
Markus 554b96cea8 Improve README 2016-04-12 11:51:16 +02:00
David Klaftenegger 23f9af7c3f Document python search paths 2016-04-12 11:49:17 +02:00
Markus 0ab3919d73 Actually invoke acme_tiny (using the staging API) 2016-04-12 11:48:38 +02:00
Markus b1d25d1821 Fix markdown in README 2016-04-12 11:48:29 +02:00
Markus 1e745b94ea More checks (e.g. for acme_tiny) 2016-04-12 11:48:21 +02:00
Markus c7efda7b61 Split cert_get into cert_get and cert_put 2016-04-12 11:46:50 +02:00
Markus c494fc3ba7 Add a security section to README 2016-01-10 15:56:04 +01:00