Hossein Shafagh
Hossein Shafagh
thanks @sergerdn for noticing this issue and raising it here! you are right with your observation, that the error is a bandit issue https://github.com/PyCQA/bandit/issues/545 I would also expect Travis would...
Hi @Jabarwacky, to rotate certificates in F5, you likely need to write the respective plugins. Today, Lemur can rotate AWS load balancers and Cloudfront distribution points. The latter was just...
Hi @Dvergatal, Lemur allows supplying a CSR during certificate creation, and it will use the CSR for the request to the CA for certificate issuance. On the UI, you can...
@Dvergatal correct, you can let Lemur create client Certificate just with a CSR. this is a common pattern supported in Lemur. note that Lemur supports different issuers, e.g.; public CAs:...
Hi @rb5acgusr, you can find the configuration parameters for the ACME client here: https://github.com/Netflix/lemur/blob/983f9beacb85cb1ecb8ce10a5028d2664dffed23/lemur/plugins/lemur_acme/plugin.py#L237-L240 Lemur uses acme.client.BackwardsCompatibleClientV2 to create an ACME client: https://acme-python.readthedocs.io/en/stable/api/client.html#acme.client.BackwardsCompatibleClientV2 you would need to provide the private...
Thank you for reporting this issue. We don't use docker and docker support is provided by the community. Marking this issue as help-wanted.
@jpartain89, I agree with the general notion of tightening access to the private key, but not all destinations are supported by Lemur, and there are the edge cases, where the...
Hi @Jonesy22, I don't believe users have access to an authorities private key, because they have the permission to use that Authority. The Authorities' page doesn't ever render the private...
This is the code path used for creating a new authority: https://github.com/Netflix/lemur/blob/master/lemur/authorities/service.py#L100-L129 my suspicion is that you don't have defined ``` LEMUR_DEFAULT_AUTHORITY = `?` ``` When creating the Authority you...
sorry folks for not having noticed your messages earlier here, and thanks @sirferl for chiming in and your continuous support of the community. @jjason63 @davidhoang-cbre; Hope you were successful in...