caucase:52d85d1e4d058146ce0faae682e13e283b883c71 commits
https://lab.nexedi.com/nexedi/caucase/-/commits/52d85d1e4d058146ce0faae682e13e283b883c71
2017-06-28T19:02:49+02:00

https://lab.nexedi.com/nexedi/caucase/-/commit/52d85d1e4d058146ce0faae682e13e283b883c71
serial is a random unique number get from the csr_id
2017-06-28T19:02:49+02:00, Alain Takoudjou, alain.takoudjou@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/f9819934b49b8c39c825da4277046a5ecb08c40b
use crt_id instead of serial when revoke directly a certificate
2017-06-28T19:02:39+02:00, Alain Takoudjou, alain.takoudjou

https://lab.nexedi.com/nexedi/caucase/-/commit/7a09ecac2b96e9878fc45169df5ad397c525f0ea
add support for backup caucase database to cli
2017-05-30T11:10:25+02:00, Alain Takoudjou, alain.takoudjou@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/5f6857b79268044c2997bdcf08d7d48e3ad0b952
factorise cli_flask code, add more comments to functions, add admin revoke cr...
2017-05-30T11:10:25+02:00, Alain Takoudjou, alain.takoudjou@nexedi.com
Split cli_flask functions used to renew, sign and revoke certificate.
Allow to revoke a certificate by serial PUT /crt/revoke/serial, this
method requires admin authentication. Also add GET /crt/serial/<string:serial>

https://lab.nexedi.com/nexedi/caucase/-/commit/2d6b3bed0a0cb043c1cb97312a7e8928a7ebe958
remove app, db from web to prevent using a different app_context in tests
2017-05-30T11:10:25+02:00, Alain Takoudjou, alain.takoudjou@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/6e3bb8e5ca07976d50f039a576e5c8f0ead6d2cb
Release version 0.1.2
2017-05-12T18:26:13+02:00, Alain Takoudjou, alain.takoudjou@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/2aa8bf7a261236c726e78852a9c2768ccf16cde8
rename ca -> caucase in setup.py
2017-05-12T18:21:27+02:00, Alain Takoudjou, alain.takoudjou@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/e7e2df781109ab21e336c711da070f8a3dcef98c
cli renew now takes option to check if renew is required and on-renew script
2017-05-12T18:20:40+02:00, Alain Takoudjou, alain.takoudjou@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/a9a134d0f575900f45a222f69a2cd864c2bc58be
remove useless functions
2017-05-12T18:18:39+02:00, Alain Takoudjou, alain.takoudjou@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/90a3652bcd2e6dbf03cbcda507eacd976cbdb632
update version, add MANIFEST.in and CHANGES.txt files to project
2017-04-27T15:11:48+02:00, Alain Takoudjou, alain.takoudjou@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/4672a3acf55565295783cf63cc6dc5305198e7b9
fix long_description in setpu.py
2017-04-27T14:06:57+02:00, Alain Takoudjou, alain.takoudjou@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/023c49135abdf4d88fcd3c11981e3a8acc6d2f48
Add tests script for ca.py, storage and web.py
2017-04-27T09:53:41+02:00, Alain Takoudjou, alain.takoudjou@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/26015ada13ed2dc449c6797b8febe73b682d1914
initial implementation of certificate authority
2017-04-27T09:53:41+02:00, Alain Takoudjou, alain.takoudjou@nexedi.com
The certificate authority is used to generate and sign certificates; there are 3 parts:
- web: which contains the API to submit certificate signature requests and to download signed certificates
- cliweb: which is a command line tool used to quickly generate a private key and send a certificate signature request; it will
also automatically download the signed certificate as well as the ca certificate.
- cli: is used to garbage collect the certificate authority; all expired certificates, csr, crl and revocations will be trashed using this tool.
The first csr can be automatically signed, the rest will be signed by the administrator. The first connection to /admin/ will ask to set a password.
The admin can see all csr (pending) then sign them. As soon as a csr is signed, the client will download (cliweb) the certificate.
The client can also renew or revoke his certificate using the CA API. Renew and revoke are immediate, there is no admin approval.
On the server side, the storage storage.py uses sqlite to store all information (certificate, csr, crl and revocations); there is no use of openssl here.
ca.py will invoke the storage to store or to get certificates.
The client stores the certificate directly on the filesystem, so it can be read by apache, nginx, etc.

https://lab.nexedi.com/nexedi/caucase/-/commit/d2f8ede980ffb3a938cd121c9a53e050be541649
Update setup.py, add certificate authority design documentation
2017-04-27T09:53:41+02:00, Alain Takoudjou, alain.takoudjou@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/584419668ba9ebb420431f5591584ee148cd6ecf
Add gitignore.
2017-03-31T18:29:53+09:00, Vincent Pelletier, vincent@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/2ada1b23979ff8b8f19ca3f6ff0182edbd106959
extensions: Use intended base exception class.
2017-03-29T22:36:48+09:00, Vincent Pelletier, vincent@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/896a346294c5b721e25e86c1f8445ea75cbf3bc2
A bit more pseudo-code content.
2017-03-29T18:47:03+09:00, Vincent Pelletier, vincent@nexedi.com

https://lab.nexedi.com/nexedi/caucase/-/commit/d5d18f24faa8806609c5e446f4788de710a3456f
Initial import of empty shells.
2017-03-29T17:30:13+09:00, Vincent Pelletier, vincent@nexedi.com