Carl Tashian
Carl Tashian
Sometimes ACME clients can misbehave and it's pretty easy to DoS step-ca in that case. @MCWertGaming discovered an interaction between Caddy and `step-ca` that causes a flood of ACME requests,...
- Darwin and Windows CGO builds may Just Work for most people - For Darwin, enabling CGO will result in `step-ca` using the macOS system DNS resolver, which is a...
- [ ] write build & nfpm config in GoReleaser - [ ] bundle the systemd service unit; should support systemd 229+ Here's a starting point for the nfpm configuration:...
Right now, to use custom OIDs you have to add a base64-encoded asn.1 value to the template. There's no way in the template engine to generate these values, so the...
The recommendation is to set `Cache-Control: private, no-store` on any endpoint with sensitive information. Because while you can protect the traffic with TLS, you also need to keep sensitive information...
Right now it exits without contacting the CA
I think the source archive for each release should expand everything into `certificates/`, rather than the current directory. A single subdir feels right in terms of convention and UX, to...
If renewal is attempted with a non-"client auth" cert, the client returns a "tls: bad certificate error", because the mutual TLS handshake fails. The client should output a more useful...
### Steps to Reproduce When running `step-ca --token ey.... --issuer-password-file issuer-pw --context ra-quickstart` I get: `could not load context 'ra-quickstart'` ### Your Environment * OS - macOS * `step-ca` Version...