44 Commits

Author SHA1 Message Date
Arjan H
37dd9184a7 Bump boulder version to v0.20251216.0 2025-12-27 16:40:48 +01:00
Arjan H
c23a8762aa Bump boulder version to v0.20250902.0 2025-09-06 12:39:43 +02:00
Arjan H
1a5050b3b0 Bump boulder version to v0.20250707.0 2025-07-12 20:25:18 +02:00
Arjan H
0febdd24e6 Bump boulder version to release-2025-05-27 2025-05-31 12:29:07 +02:00
Arjan H
407a08a1a3 Bump boulder version to release-2025-03-10 2025-03-13 21:20:26 +01:00
Arjan H
6f66bc73ac Fix issuer and CRL URLs in certificates 2025-02-16 17:08:44 +01:00
Arjan H
9bad889fab Use redis for OCSP as well, in different database number 2025-02-16 16:25:27 +01:00
Arjan H
f14a2636c5 Bump boulder version to release-2025-02-04; add redis container
Let's Encrypt has changed the rate limiter to require redis, so we can
no longer remove it from the docker compose file completely. But at
least we can run it once instead of four instances.
2025-02-10 19:38:38 +01:00
Arjan H
6d72d32398 Use ceremony tool for generating keys and certs; store keys on SoftHSM
Replace openssl certificate / CRL generation with the tool as used by
Let's Encrypt, storing the keys on SoftHSMv2, a simulated HSM (Hardware
Security Module).
Include migration of old setups where key files were also stored on
disk.
2025-01-31 20:44:48 +01:00
Arjan H
131b8d3505 Fix new(ish) db migration and add check 2025-01-18 19:49:20 +01:00
Arjan H
2cb4d797ec Temporarily issue both ECDSA and RSA from same issuer (#138 #144 #150)
The official Let's Encrypt boulder code only issues RSA certificates
from RSA issuer certificates and only ECDSA certificates from an ECDSA
issuer CA. Many people are having issues with this in LabCA.

Until we have the option for multiple issuers per root CA and/or
multiple CA chains in the GUI of LabCA, use the single issuer CA for
both key types.
2025-01-12 10:30:36 +01:00
Arjan H
4c842e8977 Bump boulder version to release-2024-10-28 2024-11-01 19:09:54 +01:00
Arjan H
cab022a4c8 Bump boulder version to release-2024-08-30a 2024-08-31 16:04:55 +02:00
Arjan H
cab563d1d7 Bump boulder version to release-2024-07-29 2024-08-30 16:31:07 +02:00
Arjan H
18b53030a1 Bump boulder version to release-2024-06-10 2024-08-26 20:16:12 +02:00
Arjan H
ddbaa63b5b Bump boulder version to release-2024-05-20 2024-08-24 15:15:21 +02:00
Arjan H
4eb3ad877c Bump boulder version to release-2024-05-06 2024-07-02 19:47:47 +02:00
Arjan H
5d27e00fa4 Bump boulder version to release-2024-04-30 2024-05-04 21:26:13 +02:00
Arjan H
df3d112d42 Bump boulder version to release-2024-02-20 2024-02-23 20:18:53 +01:00
Arjan H
98871cd6e7 Suppress 'must end in IANA registered TLD' error on renewal (#114)
When using whitelist/lockdown domains, also accept them in va.extractRequestTarget().
Apparently that method only gets used on renewal but not during the original request?
2024-02-23 17:52:38 +01:00
Arjan H
9549ac3cde Decrease health check interval
Prevents flood of messages on slow startup
2024-01-28 08:44:11 +01:00
Arjan H
80c33ee6ff Fix db migration to preserve existing data 2023-12-09 14:55:33 +01:00
Arjan H
88899cbd67 Bump boulder version to release-2023-12-04 2023-12-09 14:39:50 +01:00
Arjan H
c32f653adb Bump boulder version to release-2023-10-30 2023-11-03 20:09:56 +01:00
Arjan H
c04e4ffdbc Bump boulder version to release-2023-09-19 2023-09-24 12:54:50 +02:00
Arjan H
736b361228 Bump boulder version to release-2023-09-11 2023-09-20 19:26:33 +02:00
Arjan H
0cc6fb6b93 Bump boulder version to release-2023-08-14 2023-08-17 19:35:56 +02:00
Arjan H
e3e0767303 Remove fqdn restriction from wfe2 DirectoryCAAIdentity config (#76)
Let's Encrypt added validation on this field in their b2224eb4b commit
from 2023-03-21, but this seems unnecessarily strict when looking at the
CAA rfc. It's a problem for LabCA users only using one top level domain,
e.g. 'home'.
2023-07-01 14:24:15 +02:00
Arjan H
1397085935 Bump boulder version to release-2023-05-22 2023-05-25 19:32:51 +02:00
Arjan H
0ed9d8eac2 Build and use local docker images for docker-only setup (#41)
For now, the images are still built on the target machine for testing,
in the end they need to be built in a GitHub action.
2023-04-15 09:19:17 +02:00
Arjan H
412762cc58 Bump boulder version to release-2023-04-04 2023-04-07 13:44:44 +02:00
Arjan H
6356aa4c17 Bump boulder version to release-2022-11-15 2022-11-16 19:20:35 +01:00
Arjan H
69ff1e6180 Generate first CRL file as soon as possible (#63) 2022-11-05 15:35:39 +01:00
Arjan H
564fa7bbbf Cosmetic: remove datacenter 'unknown' from log messages 2022-10-28 17:51:52 +02:00
Arjan H
780c10daeb Bump boulder version to release-2022-10-25 2022-10-26 20:38:34 +02:00
Arjan H
40da9493d4 Bump boulder version to release-2022-10-17 2022-10-23 13:10:17 +02:00
Arjan H
5c4fb7b6fb Fix startup script to use correct config folder 2022-10-22 17:36:24 +02:00
Arjan H
7ef7e6576c Fix log issue after release-2022-08-29 2022-09-06 22:13:45 +02:00
Arjan H
b867f772a0 Fix PrintableString/UTF8String issue in Issuer Name of the CRL 2022-08-19 21:19:34 +02:00
Arjan H
5c3380bf0f Generate and store crl files regularly; set crl URL in certs
Tweak the new crl-storer to save the crl files locally instead of in S3,
with some housekeeping to keep only the last five versions.
2022-08-17 20:36:39 +02:00
Arjan H
c8ba8e7b9d Bump boulder version to release-2022-07-25 2022-07-29 19:32:22 +02:00
Arjan H
691a0bd29f Fix lintIssuer with mixed RSA/ECDSA certificates (#46) 2022-06-04 15:22:18 +02:00
Arjan H
1f536c12bd Bump boulder version to release-2022-05-09 2022-05-12 07:33:50 +02:00
Arjan H
169b147078 Extract code patching to separate script 2022-04-15 11:12:12 +02:00