Michael Malone
Michael Malone
> I spent at least a couple hours figuring out / recalling how to get `openssl` to do this. Heh. Sorry :( > for creating a CA that can only...
Thanks for the suggestion @gzm55. There are some clever ideas in here that I don't think we've considered before. Specifically, we've tried doing login at the `check-host` step, but that...
Our renewal mechanism uses client authentication / mTLS. I'm not sure I would say this is "working as intended", but what's going on here totally makes sense and the TLS...
@shoopdawoop better alerts are a good idea. We're thinking about the best way to do this. In the meantime, I think you could use the `--exec` command to `step ca...
@shoopdawoop ah, ok. Didn't realize you wanted this stuff server-side. Monitoring the logs should work pretty well. You may want to add: ``` "logger": { "format": "json" }, ``` to...
I'm going to reopen this because there is definitely something fishy going on with control characters in Windows. I suspect this is either character encoding issues (I believe we assume...
Hrm. I didn't know `step ca revoke ` was a valid incantation. I thought it was either: 1. `step ca revoke ` -- authenticate using provisioner credentials to revoke by...
Based on context for this issue, it does sound like we need may a better error if we try to revoke an invalid serial number. Before implementing a fix we'll...
Ah, of course. That makes sense. We might still want to add an alias under the `step ssh` command group for ergonomics if people aren't finding this. For now let's...
Nice! I didn't realize that. Let's leave it as is for the moment and make sure we get it documented. If people still aren't finding this option we might want...