boulder
An ACME-based certificate authority, written in Go.
We currently have slightly complex, slightly fragile CAA rechecking logic to ensure that we have up-to-date CAA records at issuance time even if the validation documents are more than 8...
That is, a Boulder Load Tester 😋 . It should scale up to 200% of production traffic, but that may be a deployment function. We'll want a flag that performs...
**Summary:** Right now, if we accidentally produce a bad (e.g. incomplete) CRL, we'll only find that out after we publish it, when the black-box crl-monitor runs and realizes that entries...
Currently, when we issue certificates, we issue them with a notBefore date exactly 1 hour prior to the current second. This is to reduce the risk that newly-issued certificates aren't...
Boulder tests mostly use fakeclock, whose time only progresses when told to do so. Two adjacent calls to `clk.Now()` will always return the same value.
Once we're feeling more confident in the SRV discovery we added in #7042, we can start using it in ROCSP. To do this, replace `RedisConfig` in ROCSP with `Config` from...
The CRL ceremony type should take a previously-published CRL as one of its inputs. It can then check: - that the configured CRL number is greater than the previous number...
https://www.rfc-editor.org/rfc/rfc9444.html has just been published as an RFC. We could choose to implement the ACME extensions specified by this document, if we think they would provide sufficient value to our...
cert-checker: Detect if a certificate was issued by a revoked intermediate after the revocation time
The 2023 key ceremony is going to generate an intermediate, immediately revoke it, and never have it configured in Boulder, but we still need a plan for the eventuality of...
For several years SRE has relied upon various scripts to monitor IANA gTLD deprecations. When a gTLD is deprecated they have to do toil work such as: 1. Making a...