Emmanuel Garette
bb5b32a435
add OpenSSH plugin
2021-05-22 16:45:44 +02:00
sayali
51e90f6fb2
ECCPRIME256V1 as default for cert create API
2021-02-10 20:06:14 -08:00
Jasmine Schladen
19d90b8f1c
Add issuer and ID fields to SNS notification format
2021-02-03 17:08:25 -08:00
sayali
7a1f13dcb5
CRL Reason for certificate revoke
2020-11-30 20:06:37 -08:00
sayali
01dddd2a55
iterate over subject details
2020-10-20 17:17:28 -07:00
sayali
788703ce12
Fix cert reissue when L/OU is not set
...
get_certificate_primitives complains with None L/OU
2020-10-20 16:44:17 -07:00
Hossein Shafagh
894e35b4e2
Update schemas.py
...
minor language
2020-10-14 09:48:40 -07:00
sayali
b677e6e325
Copy subject details for non-CAB-compliant authorities
2020-10-13 19:40:01 -07:00
sayali
fb4df8865b
Formatting changes and typo
2020-10-09 17:58:03 -07:00
sayali
d52e0d4e09
Certificate edit: update role and notification with owner change
2020-10-09 16:55:30 -07:00
sayali
8928e04385
Fix disable notify
2020-10-08 11:38:52 -07:00
sayali
b7d0e62844
Make location optional
...
Remove form validation and default value in input schema
2020-10-07 13:31:23 -07:00
sayali
aaff0f7581
Fixing UT for key_type on upload schema
2020-09-28 19:03:21 -07:00
sayali
7a226241db
Add key_type to CertificateUploadInputSchema
...
Parse cert body to determine algo
2020-09-28 18:13:00 -07:00
sayali
cd13832377
Use key_type column for cert get/rotate/reissue/display
...
Added unit tests
2020-09-23 15:16:19 -07:00
Hossein Shafagh
5ab9626cbd
overwriting cn and key_type values from CSR, as they take precedence
2020-09-09 19:52:59 -07:00
e11it
f83e3f764e
always assign csr_sans to name
2020-05-22 21:52:43 +03:00
e11it
27a86f5c18
Fix: San values #2921
...
Not sure is it correct solution
2020-03-03 21:45:33 +03:00
rajatsharma94
9984470b58
fix fatal error in schema validator
2020-01-23 15:27:02 +01:00
Ilya Labun
189e8b2725
Eliminate subqueries when showing certificates list
2019-12-20 10:37:47 +01:00
Marti Raudsepp
2319858586
Expose new certificate field hasPrivateKey
...
We can also now disable the 'private key' tab when cert doesn't have a
private key.
2019-06-22 15:38:28 +03:00
Curtis Castrapel
68fd1556b2
Black lint all the things
2019-05-16 07:57:02 -07:00
Curtis
f6afcc6d21
Merge branch 'master' into master
2019-04-17 10:28:46 -07:00
Javier Ramos
58dd424de8
Prevent potential NoneType not subscriptable
...
Fix when data['extensions']['subAltNames']['names'] is none
2019-04-17 18:33:52 +02:00
Jose Plana
770729a72e
Allow csr to be empty during upload
2019-04-13 01:17:12 +02:00
Jose Plana
406753fcde
Fix PEP8
2019-04-13 00:49:35 +02:00
Jose Plana
c1b02cc8a5
Allow uploading csr along with certificates
2019-04-13 00:48:19 +02:00
Javier Ramos
d80a6bb405
Added tests for CSR parsing into CertificateInputSchema
2019-04-01 08:44:40 +02:00
Javier Ramos
b86e381e20
Parse SubjectAlternativeNames from CSR into Lemur Certificate
2019-03-27 13:46:33 +01:00
Curtis
4018c68d49
Merge branch 'master' into authority_validation_LE_errors
2019-03-25 08:34:10 -07:00
Curtis Castrapel
c2158ff8fb
Add order URI during LE cert creation failure; Fail properly when invalid CA passed; Update reqs
2019-03-25 08:28:23 -07:00
Javier Ramos
9e5496b484
Update schemas.py
2019-03-15 10:19:25 +01:00
Javier Ramos
f7452e8379
Parse DNSNames from CSR into Lemur Certificate
2019-03-15 09:29:23 +01:00
Marti Raudsepp
10cec063c2
Check that stored certificate chain matches certificate
...
Similar to how the private key is checked.
2019-03-04 17:10:59 +02:00
Marti Raudsepp
4b893ab5b4
Expose full certificate RFC 4514 Distinguished Name string
...
Using rfc4514_string() method added in cryptography version 2.5.
2019-01-23 10:03:40 +02:00
Marti Raudsepp
542e953919
Check that stored private keys match certificates
...
This is done in two places:
* Certificate import validator -- throws validation errors.
* Certificate model constructor -- to ensure integrity of Lemur's data
even when issuer plugins or other code paths have bugs.
2018-12-31 16:28:20 +02:00
James Chuong
75069cd52a
Add CSR to certificiates
...
Add csr column to certificates field, as pending certificates have
exposed the CSR already. This is required as generating CSR from
existing certificate is will not include SANs due to OpenSSL bug:
https://github.com/openssl/openssl/issues/6481
Change-Id: I9ea86c4f87067ee6d791d77dc1cce8f469cb2a22
2018-10-23 17:46:04 -07:00
Curtis Castrapel
cc18a68c00
Lemur LetsEncrypt Polling Support
2018-10-11 22:01:05 -07:00
Curtis Castrapel
7d42e4ce67
Fix certificate import issues
2018-09-10 10:34:47 -07:00
Curtis Castrapel
1ad61b1550
allow null validity periods
2018-08-17 07:57:55 -07:00
Curtis Castrapel
bb026b8b59
Allow LetsEncrypt renewals and requesting certificates without specifying DNS provider
2018-08-13 14:22:59 -07:00
Steven Reiling
7f3454128d
Adds an optional interval variable to notification service's
...
create_default_expiration_notifications and introduces a new optional
configuration variable, LEMUR_SECURITY_TEAM_EMAIL_INTERVALS, to allow admins
control over the centralized email notification defaults.
2018-07-13 14:08:31 -07:00
Marti Raudsepp
50846eb682
Expose certificate dateCreated via API
2018-07-02 18:24:18 +03:00
Curtis Castrapel
544a02ca3f
Addressing comments. Updating copyrights. Added function to determine authorative name server
2018-05-29 10:23:01 -07:00
Curtis Castrapel
a9b9b27a0b
fix tests
2018-05-10 12:58:04 -07:00
Curtis Castrapel
52e7ff9919
Allow specification of dns provider name only
2018-05-10 12:58:04 -07:00
Curtis Castrapel
6500559f8e
Fix issue with automatically renewing acme certificates
2018-05-08 14:54:10 -07:00
Curtis Castrapel
e68b3d2cbd
0.7 release
2018-05-07 09:58:24 -07:00
Curtis Castrapel
1be3f8368f
dyn support
2018-05-04 15:01:01 -07:00
Curtis Castrapel
3e64dd4653
Additional work
2018-05-04 15:01:01 -07:00