certificates

certificates copied to clipboard

[Bug]: Unable to use "tmpkms" on Windows

8

### Steps to Reproduce Using the CGO build on Windows is not working with "tpmkms". I've build step-ca v0.27.4 with CGO flag on Windows with the help of [w64devkit](https://github.com/skeeto/w64devkit). I...

JMyklebust

[Bug]: step-ca --version does not return version

5

### Steps to Reproduce Following the instructions to install and build STEP-CA here: https://smallstep.com/blog/build-a-tiny-ca-with-raspberry-pi-yubikey/ The build works, but as it starts the first line that is displayed in the terminal...

roblatour

wire SkipValidation further into SCEP provisioner

4

#### Name of feature: pass SkipValidation further into the SCEP provisioner #### Pain or issue this feature alleviates: When writing custom integrations, some of the validations don't apply, which unintentionally...

mishaslavin

[Bug]: cloudKMS connects to IPs and fails

5

### Steps to Reproduce 1. start step-ca ``` step-ca ...ca.json --password-file ...password ``` 2. get error message ``` context deadline exceeded cloudKMS GetPublicKey failed go.step.sm/crypto/kms/cloudkms.(*Signer).preloadKey go.step.sm/[email protected]/kms/cloudkms/signer.go:46 go.step.sm/crypto/kms/cloudkms.NewSigner go.step.sm/[email protected]/kms/cloudkms/signer.go:31 go.step.sm/crypto/kms/cloudkms.(*CloudKMS).CreateSigner go.step.sm/[email protected]/kms/cloudkms/cloudkms.go:162...

GBBx

[Bug]: security issue: step ca server logs contain signed AWS IID

2

### Steps to Reproduce 1. Add an AWS IID provisioner to step ca 2. Configure step-ca as an registration authority to a vault CA (this is our config, but I...

liji-canva

#### Name of feature: Custom Challenge validator API #### Pain or issue this feature alleviates: There are situations where SCEP challenges could be validated using a backend library or some...

mishaslavin

creation of ReturnEntireCertChain option for SCEP provisioner which controls whether to use the current default behavior of just returning the leaf cert or to return all certificates that we get...

mishaslavin

Allow CA interface to control validation of Client Identifiers for device-attest-01 acme requests

1

author Venky Gopal 1693934844 -0400 committer mishaslavin 1749672251 -0700 #### Name of feature: (Duplicate of #1525) Propagate attested client identifiers (serial and attestation object) to CA interface & allow global...

mishaslavin

#### Name of feature: (duplicate of #1991 ) An option to skip validation of the SCEP configuration #### Pain or issue this feature alleviates: When writing custom integrations, some of...

mishaslavin

## Hello! - Vote on this issue by adding a 👍 reaction - If you want to implement this feature, comment to let us know (we'll work with you on...

p3lim