1. 30 Jun, 2017 1 commit
    • Alain Takoudjou's avatar
      add new cliweb command which download/update crl file from caucase · 51383ead
      Alain Takoudjou authored
      when calling cliweb command with option --updateÃ-cr the crl file
      will be downloaded from URL/crl and save only if the previous crl
      file don't exists or if there is an old crl file and the new one
      is different.
      if option --on-crl-update SCRIPT_FILE is passed with --update-crl
      SCRIPT_FILE will be executed if the crl is updated.
      51383ead
  2. 29 Jun, 2017 2 commits
  3. 28 Jun, 2017 3 commits
  4. 30 May, 2017 3 commits
  5. 12 May, 2017 4 commits
  6. 27 Apr, 2017 5 commits
    • Alain Takoudjou's avatar
    • Alain Takoudjou's avatar
      fix long_description in setpu.py · 4672a3ac
      Alain Takoudjou authored
      4672a3ac
    • Alain Takoudjou's avatar
      023c4913
    • Alain Takoudjou's avatar
      initial implementation of certificate authority · 26015ada
      Alain Takoudjou authored
      The certificate authority is used to generate and sign certificate, there is 3 parts:
      - web: which contains API to submit certificate signature request and to download signed certificate
      - cliweb: which is a command line tool used to quickly generate private key and send certificate signature request, he will
      also downlaod automatically the signed certificate as well as ca certificate.
      - cli: is used to garbage collect certificate authority, all expired certificate, csr, crl and revocation will be trashed using this tool.
      
      The first csr can be automatically signed, the rest will be signed by the adminitrator, first connection to /admin/ will ask to set password
      the admin can see all csr (pending) then sign them. As soon as csr is signed, the client will download (cliweb) the certificate.
      
      client can also renew or revoke his certificate using CA API. Renew and revoke are immediate, there is no admin approval.
      
      on server side, the storage storage.py use sqlite to store all informations (certificat, csr, crl and revocations), there is no use of openssl here.
      ca.py will invoke the storage to store or to get certificates.
      
      the client store certificate directly on filesystem, so it can be read by apache, nginx, etc.
      26015ada
    • Alain Takoudjou's avatar
  7. 31 Mar, 2017 1 commit
  8. 29 Mar, 2017 3 commits