certificates

certificates copied to clipboard

### Description This PR adds validation of name constraints before issuing an X509 certificate Fixes #1060

maraino

Replaces https://github.com/smallstep/certificates/pull/1040, because there were some issues after merging master back into that. Will remove https://github.com/ryboe/q before merging.

hslatman

dopey

dopey

New provisioner or add to ACME provisioner for Wire™ cert enrollment

10

## Issue details We would like to use Smallstep to enroll X.509 certificates for the [Wire](https://wire.com) end-to-end encrypted messaging application. Wire is entirely open [source](https://github.com/wireapp) and supports federation (multiple servers...

rohan-wire

Enforce name constraints at cert issuance time

2

### Description Enforce name constraints on X509 cert issuance. For example, if the intermediate has: * PermittedDNSDomains=example.com, then example.com and www.example.com will be permitted, but acme.com will not. * ExcludedDNSDomains=example.com,...

maraino

Include additional data from Cloud Metadata in certificates in disableCustomSAN mode.

11

## Hello! - Vote on this issue by adding a 👍 reaction - If you want to implement this feature, comment to let us know (we'll work with you on...

the-maldridge

adding `--expires-in` to `step ssh renew`

4

As @maraino suggested in #622 I would like to post this request to add a verification if renewal time has come for an ssh host certificate. As of now renewal...

logopk

### Steps to Reproduce When running `step-ca --token ey.... --issuer-password-file issuer-pw --context ra-quickstart` I get: `could not load context 'ra-quickstart'` ### Your Environment * OS - macOS * `step-ca` Version...

tashian

tashian