certificates
certificates copied to clipboard
smallstep
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
It would be handy to have an easy way of generating intermediate certificates after the ca init step and then choose which one to sign with when generating certs (maybe...
Sometimes ACME clients can misbehave and it's pretty easy to DoS step-ca in that case. @MCWertGaming discovered an interaction between Caddy and `step-ca` that causes a flood of ACME requests,...
Out of curiosity: Why were the EAB functionalities removed with commit d00729df0b6ba17e164b306256bcf00cb2cb7b3b?
#### Name of feature: #### Pain or issue this feature alleviates: #### Why is this important to the project (if not answered above): This PR enables support for RSA keys...
### Steps to Reproduce Configure step-ca in Vault ra mode: https://smallstep.com/docs/step-ca/registration-authority-ra-mode#hashicorp-vault-ra-mode. Once everything is working fine and you are able to issue a certificate using the JWK provisioner, try adding...
### Steps to Reproduce When revoking a certificarte using step client with mTLS (e.g. `step ca revoke --cert cert.pem --key cert.key ...`), the serial number of the revoked cert is...
### What would you like to be added Intune CSR Validation for SCEP. ### Why this is needed This allows Intune to use SCEP for certificate deployment. This allows devices...
### Steps to Reproduce Testing the Docker image, I've created this simple `docker-compose.yml` ```yml version: "3.5" volumes: step: services: step-ca: image: smallstep/step-ca container_name: step-ca restart: always volumes: - "step:/home/step" -...
### Description Support for ACME device-attest-01 challenge. See: - https://datatracker.ietf.org/doc/html/draft-bweeks-acme-device-attest-00 - https://developer.apple.com/documentation/devicemanagement/acmecertificate - https://developer.apple.com/videos/play/wwdc2022/10143/ We need to add SAN support for permanent identifiers in `go.step.sm/crypto`. There's some work by @brandonweeks...
Section 8.2 of the ACME spec details exactly how client and server retry should be handled during a challenge validation. We should implement this part of the spec. Namely, retry...
