- 30 Jun, 2017 1 commit
-
-
Alain Takoudjou authored
When calling the cliweb command with option --update-crl, the crl file will be downloaded from URL/crl and saved only if the previous crl file doesn't exist, or if there is an old crl file and the new one is different. If option --on-crl-update SCRIPT_FILE is passed with --update-crl, SCRIPT_FILE will be executed if the crl is updated.
-
- 29 Jun, 2017 2 commits
-
-
Alain Takoudjou authored
-
Alain Takoudjou authored
-
- 28 Jun, 2017 3 commits
-
-
Alain Takoudjou authored
-
Alain Takoudjou authored
-
Alain Takoudjou authored
-
- 30 May, 2017 3 commits
-
-
Alain Takoudjou authored
-
Alain Takoudjou authored
Split cli_flask functions used to renew, sign and revoke certificates. Allow revoking a certificate by serial with PUT /crt/revoke/serial; this method requires admin authentication. Also add GET /crt/serial/<string:serial>
-
Alain Takoudjou authored
-
- 12 May, 2017 4 commits
-
-
Alain Takoudjou authored
-
Alain Takoudjou authored
-
Alain Takoudjou authored
-
Alain Takoudjou authored
-
- 27 Apr, 2017 5 commits
-
-
Alain Takoudjou authored
-
Alain Takoudjou authored
-
Alain Takoudjou authored
-
Alain Takoudjou authored
The certificate authority is used to generate and sign certificates. There are 3 parts:
  - web: which contains the API to submit certificate signature requests and to download signed certificates
  - cliweb: which is a command line tool used to quickly generate a private key and send a certificate signature request; it will also automatically download the signed certificate as well as the ca certificate.
  - cli: is used to garbage collect the certificate authority; all expired certificates, csr, crl and revocations will be trashed using this tool.

The first csr can be automatically signed, the rest will be signed by the administrator. The first connection to /admin/ will ask to set a password. The admin can see all csr (pending), then sign them. As soon as a csr is signed, the client will download (cliweb) the certificate. The client can also renew or revoke his certificate using the CA API. Renew and revoke are immediate, there is no admin approval.

On the server side, the storage storage.py uses sqlite to store all information (certificates, csr, crl and revocations); there is no use of openssl here. ca.py will invoke the storage to store or to get certificates. The client stores certificates directly on the filesystem, so they can be read by apache, nginx, etc.
-
Alain Takoudjou authored
-
- 31 Mar, 2017 1 commit
-
-
Vincent Pelletier authored
-
- 29 Mar, 2017 3 commits
-
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-