Hossein Shafagh
|
709a9808aa
|
better structure of the query and and removing ilike
|
2020-10-26 18:32:53 -07:00 |
sayali
|
2c22d42a57
|
Modify description during reissue
Include the certificate ID being reissued and mention that this is created by Lemur as part of reissue
|
2020-10-23 17:07:14 -07:00 |
Hossein Shafagh
|
2b274f723a
|
Merge branch 'master' into improved-logging
|
2020-10-23 07:59:30 -07:00 |
Hossein Shafagh
|
cf87e178c8
|
making lint happy
|
2020-10-22 17:33:02 -07:00 |
Hossein Shafagh
|
03d1af16e7
|
better logging for exceptions around all plugins
|
2020-10-22 15:59:38 -07:00 |
Hossein Shafagh
|
2e7e3a82fa
|
Update cli.py
logging in exception
|
2020-10-22 11:57:54 -07:00 |
Hossein Shafagh
|
a4dba0cb35
|
creating a cli to handle entrust deactivation
|
2020-10-21 19:52:51 -07:00 |
Hossein Shafagh
|
92eec5cc9c
|
revocation should only check for not expired and not revoked certs
|
2020-10-21 18:52:55 -07:00 |
sayali
|
01dddd2a55
|
iterate over subject details
|
2020-10-20 17:17:28 -07:00 |
sayali
|
788703ce12
|
Fix cert reissue when L/OU is not set
get_certificate_primitives complains with None L/OU
|
2020-10-20 16:44:17 -07:00 |
sayali
|
9dc476f393
|
Use cab_compliant option instead of authority name list
|
2020-10-15 10:44:46 -07:00 |
Hossein Shafagh
|
894e35b4e2
|
Update schemas.py
minor language
|
2020-10-14 09:48:40 -07:00 |
sayali
|
b677e6e325
|
Copy subject details for non-CAB-compliant authorities
|
2020-10-13 19:40:01 -07:00 |
sayali
|
fb4df8865b
|
Formatting changes and typo
|
2020-10-09 17:58:03 -07:00 |
sayali
|
d52e0d4e09
|
Certificate edit: update role and notification with owner change
|
2020-10-09 16:55:30 -07:00 |
sayali
|
8928e04385
|
Fix disable notify
|
2020-10-08 11:38:52 -07:00 |
sayali
|
b7d0e62844
|
Make location optional
Remove form validation and default value in input schema
|
2020-10-07 13:31:23 -07:00 |
sayali
|
aaff0f7581
|
Fixing UT for key_type on upload schema
|
2020-09-28 19:03:21 -07:00 |
sayali
|
7a226241db
|
Add key_type to CertificateUploadInputSchema
Parse cert body to determine algo
|
2020-09-28 18:13:00 -07:00 |
sayali
|
cd13832377
|
Use key_type column for cert get/rotate/reissue/display
Added unit tests
|
2020-09-23 15:16:19 -07:00 |
sayali
|
51549ae795
|
Adding comment for the property to be removed
|
2020-09-15 17:37:58 -07:00 |
sayali
|
5ae65c2c4d
|
Remove unused import
|
2020-09-15 14:55:04 -07:00 |
sayali
|
02d711282d
|
New column key_type
commenting conflicting property for now
|
2020-09-14 18:12:33 -07:00 |
Hossein Shafagh
|
806aeddd87
|
Merge branch 'master' into validity
|
2020-09-11 10:09:01 -07:00 |
Hossein Shafagh
|
4923157dc2
|
expanding key_type to with EC support
|
2020-09-09 19:54:20 -07:00 |
Hossein Shafagh
|
5ab9626cbd
|
overwriting cn and key_type values from CSR, as they take precedence
|
2020-09-09 19:52:59 -07:00 |
Hossein Shafagh
|
6fa15c4cb3
|
methods to extract cn and key_type from csr
|
2020-09-09 19:48:21 -07:00 |
sayali
|
3242fc1e13
|
Validity with radio buttons
|
2020-08-26 19:30:12 -07:00 |
sayali
|
6aedd3b0d8
|
Datepicker enhancements
|
2020-08-25 18:40:36 -07:00 |
sayali
|
240f0b99c8
|
Max end date as per start date + default validity 3 years
|
2020-08-18 19:34:59 -07:00 |
sayali
|
bc5579e9bf
|
max date on UI as per max validity configs
|
2020-08-18 14:50:42 -07:00 |
Hossein Shafagh
|
4985744bd8
|
fixing UnboundLocalError bug
|
2020-06-11 16:47:37 -07:00 |
Hossein Shafagh
|
c40d297735
|
Merge branch 'master' into ilabun/optimize-certificates-sql
|
2020-06-09 14:20:31 -07:00 |
Hossein Shafagh
|
fd3ea2cf46
|
Merge branch 'master' into json-logging-rotate
|
2020-06-09 10:58:53 -07:00 |
Hossein Shafagh
|
50091cca1d
|
Merge branch 'master' into ilabun/optimize-certificates-sql
|
2020-05-27 15:29:47 -07:00 |
Hossein Shafagh
|
d8948a12d3
|
Merge branch 'master' into check-revoke-revised
|
2020-05-27 15:29:19 -07:00 |
Hossein Shafagh
|
86c3771044
|
Merge branch 'master' into json-logging-rotate
|
2020-05-27 15:28:48 -07:00 |
Hossein Shafagh
|
d95f02d234
|
Merge branch 'master' into master
|
2020-05-27 14:25:07 -07:00 |
Hossein Shafagh
|
4eeab91d73
|
making lint happy
|
2020-05-22 18:36:39 -07:00 |
Hossein Shafagh
|
10dfedee36
|
making lint happy
|
2020-05-22 18:33:43 -07:00 |
Hossein Shafagh
|
86310ff02d
|
Merge branch 'master' into check-revoke-revised
|
2020-05-22 18:25:00 -07:00 |
Hossein Shafagh
|
87a53557cd
|
Merge branch 'master' into json-logging-rotate
|
2020-05-22 18:24:53 -07:00 |
Hossein Shafagh
|
8f16688b0a
|
Merge branch 'master' into check-revoke-revised
|
2020-05-22 17:45:50 -07:00 |
Hossein Shafagh
|
49a8b80df2
|
better exception handling when OCSP or CRL or not implemented
|
2020-05-22 17:36:34 -07:00 |
Hossein Shafagh
|
c9767b3172
|
adding logging for revoked certs
|
2020-05-22 17:32:44 -07:00 |
Hossein Shafagh
|
49c4a9c3b2
|
making the revocation to be scoped based on the authority plugin name
|
2020-05-22 17:29:30 -07:00 |
Hossein Shafagh
|
4923bbf8a7
|
adding json formatted logging
|
2020-05-22 16:22:12 -07:00 |
Hossein Shafagh
|
09016fd2ee
|
cleaning up the code after more local testing
|
2020-05-22 16:04:39 -07:00 |
e11it
|
f83e3f764e
|
always assign csr_sans to name
|
2020-05-22 21:52:43 +03:00 |
Hossein Shafagh
|
97145b6dee
|
Merge branch 'master' into ilabun/optimize-certificates-sql
|
2020-05-22 10:29:28 -07:00 |
Hossein Shafagh
|
cc4fc66c93
|
Merge branch 'master' into master
|
2020-05-22 09:57:46 -07:00 |
Hossein Shafagh
|
748268ecd5
|
Merge branch 'master' into cert-rotation-region-by-region
|
2020-05-22 09:57:06 -07:00 |
Hossein Shafagh
|
2582086d39
|
Merge branch 'master' into ilabun/optimize-certificates-sql
|
2020-05-21 15:39:58 -07:00 |
Hossein Shafagh
|
fd444403bb
|
improved logging.
- adding destination name, fixing broken metric.
|
2020-05-21 15:32:38 -07:00 |
Hossein Shafagh
|
70985f4ff5
|
revised system arch
|
2020-05-14 22:37:30 -07:00 |
Hossein Shafagh
|
cdd9137f4e
|
Merge branch 'master' into cert-rotation-region-by-region
|
2020-05-08 15:32:49 -07:00 |
Hossein Shafagh
|
529ee04ae7
|
removing duplicate line
|
2020-05-08 09:16:46 -07:00 |
Hossein Shafagh
|
f68900d2b3
|
improving logging and the possibility of defining which Authorities qualify for auto-rotation
|
2020-05-07 18:28:01 -07:00 |
Hossein Shafagh
|
843ffad60e
|
removing testing comments
|
2020-05-07 17:10:50 -07:00 |
Hossein Shafagh
|
1b6907a404
|
Certificate rotation region by region
example scheudule:
CELERYBEAT_SCHEDULE = {
'certificate_rotate': {
'task': 'lemur.common.celery.certificate_rotate',
'options': {
'expires': 180
},
'schedule': crontab(minute="*"),
'kwargs': {'region': 'us-east-1'}
}
}
|
2020-05-07 16:28:01 -07:00 |
Curtis Castrapel
|
863af7a3e5
|
Making CLI command ; Running black
|
2020-04-28 12:16:46 -07:00 |
Curtis Castrapel
|
273c3e2793
|
Celery task to enable autorotate for all certificates attached to endpoints without it enabled
|
2020-04-28 11:52:43 -07:00 |
Hossein Shafagh
|
2a2499a929
|
simplifying code
|
2020-03-26 20:45:00 -07:00 |
Hossein Shafagh
|
5206997468
|
expired is now called for new certs, where the not_after field might be in datetime format, and not comparable to utc
|
2020-03-26 19:01:07 -07:00 |
Hossein Shafagh
|
88c40aa93c
|
Merge branch 'master' into master
|
2020-03-23 20:31:16 -07:00 |
Hossein Shafagh
|
697215f8bc
|
better handling of destination plugin errors, and also checking cert expiration before upload
|
2020-03-21 20:05:35 -07:00 |
Ilya Makarov
|
7bd5173da4
|
Merge with Netflix/lemur master
|
2020-03-20 20:52:33 +03:00 |
Hossein Shafagh
|
1d4da0e3d8
|
another polish
|
2020-03-17 16:59:09 -07:00 |
Hossein Shafagh
|
ecca003ab4
|
improving the documentation and method naming
|
2020-03-17 16:55:36 -07:00 |
Hossein Shafagh
|
34d23503de
|
fixing the data bug
|
2020-03-14 20:41:03 -07:00 |
Hossein Shafagh
|
593c35776c
|
adding new methods for getting pending clean
|
2020-03-14 20:17:05 -07:00 |
e11it
|
27a86f5c18
|
Fix: San values #2921
Not sure is it correct solution
|
2020-03-03 21:45:33 +03:00 |
Ilya Labun
|
5d8eb51ef4
|
Merge branch 'master' into ilabun/optimize-certificates-sql
|
2020-01-24 11:28:55 +01:00 |
rajatsharma94
|
9984470b58
|
fix fatal error in schema validator
|
2020-01-23 15:27:02 +01:00 |
Ilya Labun
|
bc1a2cf69c
|
Optimize certificates SQL query
Co-authored-by: Javier Ramos <javier.ramos@booking.com>
|
2020-01-13 14:43:41 +01:00 |
Ilya Labun
|
189e8b2725
|
Eliminate subqueries when showing certificates list
|
2019-12-20 10:37:47 +01:00 |
Jay Zarfoss
|
00a0a27826
|
used fixedName variable to transport db lookup optimization
|
2019-11-20 09:44:31 -08:00 |
Hossein Shafagh
|
a13c45e9cc
|
updating dependencies, and fixing the deprecated arrow.replaces to shift
|
2019-09-20 13:49:38 -07:00 |
Hossein Shafagh
|
8340e0653b
|
making lint happy
|
2019-08-07 18:04:28 -07:00 |
Hossein Shafagh
|
d1519343d1
|
improving check revoked by only considering authorities which do support revocation and also only including not expired certs
|
2019-08-07 17:54:10 -07:00 |
Marti Raudsepp
|
2319858586
|
Expose new certificate field hasPrivateKey
We can also now disable the 'private key' tab when cert doesn't have a
private key.
|
2019-06-22 15:38:28 +03:00 |
Hossein Shafagh
|
23caac5576
|
Merge branch 'master' into temp-ExpiredToggle-3
|
2019-06-21 08:59:53 -07:00 |
Hossein Shafagh
|
34cdd29a50
|
removing the rotation enabled requirement, to keep the endpoint generic
|
2019-06-20 16:06:26 -07:00 |
Kush Bavishi
|
f836c6fff6
|
API additions for viewing expired certs as well. Default behavior modified to show only valid certs and those which have expired less than 1 month ago.
|
2019-06-17 14:29:48 -07:00 |
Hossein Shafagh
|
071c083eae
|
hiding expired certs after 6 months from the main page
|
2019-05-30 10:21:03 -07:00 |
Hossein Shafagh
|
b4d9ab9f0c
|
Merge branch 'master' of github.com:Netflix/lemur into improving-cert-lookup-time
|
2019-05-30 08:55:49 -07:00 |
Hossein Shafagh
|
13d46ae42e
|
indexing the not after field in the cert table
|
2019-05-30 08:55:30 -07:00 |
Curtis Castrapel
|
f81adb1371
|
Make get_or_increase_name queries less demanding
|
2019-05-29 12:20:05 -07:00 |
Curtis Castrapel
|
68fd1556b2
|
Black lint all the things
|
2019-05-16 07:57:02 -07:00 |
Hossein Shafagh
|
f452a7ce68
|
adding a new API for faster certificate lookup.
The new API api/1/certificates/valid returns only non-expired (not_after >= today) certs which have auto-rotate enabled:
cn is a required parameter:
http://localhost:8000/api/1/certificates/valid?filter=cn;example.com
cn can also be a database string wildcard ('%'):
http://localhost:8000/api/1/certificates/valid?filter=cn;%
owner is the additional parameter, and must be the email address of the owner:
http://localhost:8000/api/1/certificates/valid?filter=cn;example.com&owner=hossein@example.com
given owner and a database string wildcard ('%') one can retrieve all certs for that owner, which are still valid, and have auto-rotate enabled:
http://localhost:8000/api/1/certificates/valid?filter=cn;%&owner=hossein@example.com
|
2019-05-11 18:06:51 -07:00 |
Curtis Castrapel
|
e33a103ca1
|
Allow searching for certificates by name via API
|
2019-05-09 14:36:56 -07:00 |
Curtis Castrapel
|
87470602fd
|
Gather more metrics on certificate reissue/rotate jobs
|
2019-05-08 07:48:08 -07:00 |
Curtis
|
f6afcc6d21
|
Merge branch 'master' into master
|
2019-04-17 10:28:46 -07:00 |
Javier Ramos
|
58dd424de8
|
Prevent potential NoneType not subscriptable
Fix when data['extensions']['subAltNames']['names'] is none
|
2019-04-17 18:33:52 +02:00 |
Jose Plana
|
770729a72e
|
Allow csr to be empty during upload
|
2019-04-13 01:17:12 +02:00 |
Jose Plana
|
406753fcde
|
Fix PEP8
|
2019-04-13 00:49:35 +02:00 |
Jose Plana
|
a5570d07bc
|
Added some documentation for API users.
|
2019-04-13 00:48:19 +02:00 |
Jose Plana
|
c1b02cc8a5
|
Allow uploading csr along with certificates
|
2019-04-13 00:48:19 +02:00 |
Javier Ramos
|
d80a6bb405
|
Added tests for CSR parsing into CertificateInputSchema
|
2019-04-01 08:44:40 +02:00 |
Javier Ramos
|
b86e381e20
|
Parse SubjectAlternativeNames from CSR into Lemur Certificate
|
2019-03-27 13:46:33 +01:00 |