certificates
certificates copied to clipboard
smallstep
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
https://deps.dev/go/github.com%2Fsmallstep%2Fcli/v0.16.1
### What would you like to be added Please add the ability to list or download all unrevoked signed certificates from a `step-ca` instance. ### Why this is needed Right...
Hey team. Suppose a short-lived certificate is issued. The certificate and key are compromised and the attacker issued a new certificate using the old one: `step ca renew compromised.crt compromised.key...
### Description If a provisioner cannot be accessed, e.g. OAuth server is down, allow `step-ca` to boot up with the remaining functioning provisioners. Probably this is already in the new...
### Description Currently, KMSs are registered in certificates when the file is imported using the `apiv1.Register` method, for example, cloudkms is registered using this: https://github.com/smallstep/certificates/blob/3f660ff07e834fbe7b387da6c7a7d004e59da057/kms/cloudkms/cloudkms.go#L96-L100 Then we import the supported...
### What would you like to be added To be able to use as little resources as possible in resource constrained environments like the Raspberry Pi it would be *awesome*...
# Use case If we have multiple machines, or a machine can have custom ssh access, e.g. Github or Gitea access, it would be better to have control over the...
* step-ca should transparently reduce the notAfter of any issued certificates to min(requested-notAfter, intermediate-notAfter, root-notAfter) * If the notAfter is reduced, step-ca should log a warning: "Requested certificate expiration was...