From 41c781318cdec7a1ac1b793ee790481141c6b63b Mon Sep 17 00:00:00 2001 From: arnydo Date: Wed, 10 Jul 2019 10:08:14 -0400 Subject: [PATCH 1/2] Add ADCS in Docs Add info regarding the ADCS plugin created by "https://github.com/sirferl/lemur". "lemur_adcs" plugin is part of Lemur by default so I added to main plugins section within Docs. --- docs/administration.rst | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docs/administration.rst b/docs/administration.rst index 491edcf1..ac8fd542 100644 --- a/docs/administration.rst +++ b/docs/administration.rst @@ -1086,6 +1086,18 @@ progress and the API is not frozen. Lemur includes several plugins by default. Including extensive support for AWS, VeriSign/Symantec. +Active Directory Certificate Services +-------- + +:Authors: + sirferl +:Type: + Issuer +:Description: + Enables the creation of certificates by ADCS (Active Directory Certificate Services) +:Links: + https://github.com/sirferl/lemur + Verisign/Symantec ----------------- From 66bff57c04345facf7d43064f91331f498a25e20 Mon Sep 17 00:00:00 2001 From: arnydo Date: Wed, 10 Jul 2019 12:10:47 -0400 Subject: [PATCH 2/2] Add ADCS Plugin Configuration to Docs Add configuration options based on https://github.com/Netflix/lemur/pull/2255#issue-240136873 --- docs/administration.rst | 74 +++++++++++++++++++++++++++++++---------- 1 file changed, 57 insertions(+), 17 deletions(-) diff --git a/docs/administration.rst b/docs/administration.rst index ac8fd542..e292ae03 100644 --- a/docs/administration.rst +++ b/docs/administration.rst 
@@ -593,8 +593,60 @@ If you are not using a metric provider you do not need to configure any of these Plugin Specific Options ----------------------- +Active Directory Certificate Services Plugin +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + +.. data:: ADCS_SERVER + :noindex: + + FQDN of your ADCS Server + + +.. data:: ADCS_AUTH_METHOD + :noindex: + + The chosen authentication method. Either ‘basic’ (the default), ‘ntlm’ or ‘cert’ (SSL client certificate). The next 2 variables are interpreted differently for different methods. + + +.. data:: ADCS_USER + :noindex: + + The username (basic) or the path to the public cert (cert) of the user accessing PKI + + +.. data:: ADCS_PWD + :noindex: + + The passwd (basic) or the path to the private key (cert) of the user accessing PKI + + +.. data:: ADCS_TEMPLATE + :noindex: + + Template to be used for certificate issuing. Usually display name w/o spaces + + +.. data:: ADCS_START + :noindex: + +.. data:: ADCS_STOP + :noindex: + +.. data:: ADCS_ISSUING + :noindex: + + Contains the issuing cert of the CA + + +.. data:: ADCS_ROOT + :noindex: + + Contains the root cert of the CA + + Verisign Issuer Plugin -^^^^^^^^^^^^^^^^^^^^^^ +~~~~~~~~~~~~~~~~~~~~~~ Authorities will each have their own configuration options. There is currently just one plugin bundled with Lemur, Verisign/Symantec. Additional plugins may define additional options. Refer to the plugin's own documentation @@ -642,7 +694,7 @@ for those plugins. Digicert Issuer Plugin -^^^^^^^^^^^^^^^^^^^^^^ +~~~~~~~~~~~~~~~~~~~~~~ The following configuration properties are required to use the Digicert issuer plugin. @@ -690,7 +742,7 @@ The following configuration properties are required to use the Digicert issuer p CFSSL Issuer Plugin -^^^^^^^^^^^^^^^^^^^ +~~~~~~~~~~~~~~~~~~~ The following configuration properties are required to use the CFSSL issuer plugin. 
@@ -716,7 +768,7 @@ The following configuration properties are required to use the CFSSL issuer plug Hashicorp Vault Source/Destination Plugin -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lemur can import and export certificate data to and from a Hashicorp Vault secrets store. Lemur can connect to a different Vault service per source/destination. @@ -738,7 +790,7 @@ Vault Destination supports a regex filter to prevent certificates with SAN that AWS Source/Destination Plugin -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In order for Lemur to manage its own account and other accounts we must ensure it has the correct AWS permissions. @@ -1086,18 +1138,6 @@ progress and the API is not frozen. Lemur includes several plugins by default. Including extensive support for AWS, VeriSign/Symantec. -Active Directory Certificate Services --------- - -:Authors: - sirferl -:Type: - Issuer -:Description: - Enables the creation of certificates by ADCS (Active Directory Certificate Services) -:Links: - https://github.com/sirferl/lemur - Verisign/Symantec -----------------
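Review bot: In [PATCH 1/2], hunk @@ -1086,6 +1086,18 @@, the underline below the new "Active Directory Certificate Services" title is 8 dashes, shorter than the 37-character title, which docutils reports as "Title underline too short" (and which fails a warnings-as-errors docs build). Extend the dashes to at least the length of the title.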
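Review bot: In [PATCH 2/2], hunk @@ -593,8 +593,60 @@, ADCS_START and ADCS_STOP are added with only `:noindex:` and no description, so a reader cannot tell what they control or what values they take; give each a sentence, as the other options have. The ADCS_AUTH_METHOD text lists ‘ntlm’ as a valid method, but ADCS_USER and ADCS_PWD explain only the basic and cert cases; say what they hold for ntlm. Because ADCS_PWD holds either a password or the path to a private key, it is worth stating that the Lemur config file and the key file should be readable only by the Lemur service account. The method names are in typographic quotes; inline literals (``basic``, ``ntlm``, ``cert``) would show the exact strings to type. The unchanged context under the Verisign heading still reads "There is currently just one plugin bundled with Lemur, Verisign/Symantec", which the new section above it now contradicts.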
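Review bot: The heading underlines changed from ^ to ~ under the Verisign, Digicert, CFSSL, Hashicorp Vault and AWS sections (hunks @@ -593, @@ -642, @@ -690, @@ -716 and @@ -738 of [PATCH 2/2]) are not mentioned in the commit message, which covers only the ADCS configuration options. reStructuredText assigns heading levels by the order in which underline styles first appear, so please confirm ~ is not already used for a different level elsewhere in docs/administration.rst, and either move the restyle into its own commit or describe it in the message.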
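Review bot: The last hunk of [PATCH 2/2], @@ -1086,18 +1138,6 @@, deletes the "Active Directory Certificate Services" plugin entry that [PATCH 1/2] added, and the commit message does not say so. If the entry is meant to stay in the list of bundled plugins, drop this hunk (and fix the short underline); if it is not, drop [PATCH 1/2] from the series so the history does not add and then remove the same 12 lines.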