Mariano Cano
Mariano Cano
### Description This PR replaces some commands to use `go.step.sm/crypto` instead of `github.com/smallstep/cli/crypto`. At some point, we should only `go.step.sm/crypto` (and `go.step.sm/cli-utils`), but having all commands migrated is not the...
## ~~Add option to save a private key using PKCS #8~~ ### Description Some frameworks do not support `PKCS #1` OR `SEC1 EC` formats for the private key and require...
### Description To remove dependencies of the cross dependency of the `step` and `step-ca` we created `go.step.sm/crypto` and `go.step.sm/cli-utils`. `step-ca` already uses those ones, but we should to do the...
### Description Caddy is using the step certificates authority, but the use of it initializes the STEPPATH, creating the ~/.step directory automatically. We should have a way to disable this...
### Description This PR adds the option to revoke and refresh tokens
### What would you like to be added Add a new annotation that allows the user to get an RSA/EdDSA instead of an ECDSA certificate. ### Why this is needed...
### Description Some frameworks do not support `PKCS #1` OR `SEC1 EC` formats for the private key and require the use of `PKCS #8`. See https://github.com/smallstep/autocert/issues/17#issuecomment-725966689 We should add options...
### Description [Hello mTLS for Kafka](https://smallstep.com/hello-mtls/doc/combined/kafka/kafka-cli) requires the use of OpenSSL to create PKCS#12 certificates. But now `step` has now support for this kind of certificates using `step certificate p12`...
### Description This PR adds validation of name constraints before issuing an X509 certificate Fixes #1060
### Description Enforce name constraints on X509 cert issuance. For example, if the intermediate has: * PermittedDNSDomains=example.com, then example.com and www.example.com will be permitted, but acme.com will not. * ExcludedDNSDomains=example.com,...