Jeff Mitchell
935c045cfa
Fix permitted dns domain handling ( #4905 )
...
It should not require a period to indicate subdomains being allowed
Fixes #4863
2018-07-11 12:44:49 -04:00
Mr Talbot
5551a63221
pki: add ext_key_usage to mirror key_usage and add to sign-verbatim ( #4777 )
...
* pki: add ext_key_usage parameter to role
* pki: add key_usage and ext_key_usage parameter to sign-verbatim
* pki: cleanup code as per comments
2018-06-15 18:20:43 -04:00
Jeff Mitchell
91ca3d4b7f
Add URI SANs ( #4767 )
2018-06-15 15:32:25 -04:00
Jeff Mitchell
3a568b6175
Update key_type parameter description
2018-05-19 12:20:37 -04:00
Matthew Irish
cff34e983f
UI - pki updates ( #4291 )
...
* add require_cn to pki roles
* add policy_identifiers and basic_constraints_valid_for_non_ca to pki role form
* add new fields to the PKI docs
* add add_basic_constraints field
2018-04-08 21:09:29 -05:00
Seth Vargo
0b827774ae
Drop vault.rocks ( #4186 )
2018-03-23 11:41:51 -04:00
Jeff Mitchell
9d030aaf37
Note that you can set a CA chain when using set-signed.
...
Fixes #2246
2018-03-19 19:44:07 -04:00
Jeff Mitchell
f29bde0052
Support other names in SANs ( #3889 )
2018-02-16 17:19:34 -05:00
Vishal Nayak
80ffd07b8b
added a flag to make common name optional if desired ( #3940 )
...
* added a flag to make common name optional if desired
* Cover one more case where cn can be empty
* remove skipping when empty; instead check for emptiness before calling validateNames
* Add verification before adding to DNS names to also fix #3918
2018-02-09 13:42:19 -05:00
Jeff Mitchell
d1803098ae
Merge branch 'master-oss' into sethvargo/cli-magic
2018-01-03 14:02:31 -05:00
dmwilcox
39dd122663
Update docs to reflect ability to load cold CA certs to output full chains. ( #3740 )
2018-01-03 10:59:18 -05:00
Chris Hoffman
3b0ba609b2
Converting key_usage and allowed_domains in PKI to CommaStringSlice ( #3621 )
2017-12-11 13:13:35 -05:00
Paulo Ribeiro
0ee55dde52
Remove duplicate link in ToC ( #3671 )
2017-12-11 12:52:58 -05:00
Jeff Mitchell
b5d21ebdae
Cross reference pki/cert in a few places.
2017-12-11 11:10:28 -05:00
Mohsen
2aa576149c
Small typo relating to no_store in pki secret backend ( #3662 )
...
* Removed typo :)
* Corrected typo in the website related to no_store
2017-12-07 10:40:21 -05:00
Jeff Mitchell
17310654a1
Add PKCS8 marshaling to PKI ( #3518 )
2017-11-06 12:05:07 -05:00
Seth Vargo
51a27b758b
Resolve the most painful merge conflict known on earth
2017-10-24 09:34:12 -04:00
Seth Vargo
2982fdf7ca
Remove ?list examples
...
They are documented in the overall API section, but people should get used to seeing LIST as a verb
2017-10-24 09:32:15 -04:00
Martins Sipenko
a2808db1af
Fix docs ( #3449 )
2017-10-11 11:29:26 -04:00
Jeff Mitchell
e3ce60eb1f
Allow entering PKI URLs as arrays. ( #3409 )
...
Fixes #3407
2017-10-03 16:13:57 -04:00
Jeff Mitchell
cb6ac1e926
Change behavior of TTL in sign-intermediate ( #3325 )
...
* Fix using wrong public key in sign-self-issued
* Change behavior of TTL in sign-intermediate
This allows signing CA certs with an expiration past the signer's
NotAfter.
It also change sign-self-issued to replace the Issuer, since it's
potentially RFC legal but stacks won't validate it.
Ref: https://groups.google.com/d/msg/vault-tool/giP69-n2o20/FfhRpW1vAQAJ
2017-09-13 11:42:45 -04:00
Jeff Mitchell
abb2ab2918
Add pki/root/sign-self-issued. ( #3274 )
...
* Add pki/root/sign-self-issued.
This is useful for root CA rolling, and is also suitably dangerous.
Along the way I noticed we weren't setting the authority key IDs
anywhere, so I addressed that.
* Add tests
2017-08-31 23:07:15 -04:00
Chris Hoffman
27598ce960
Add GET variant on LIST endpoints ( #3232 )
2017-08-23 17:59:22 -04:00
Jeff Mitchell
340fe4e609
Add permitted dns domains to pki ( #3164 )
2017-08-15 16:10:36 -04:00
Jeff Mitchell
e4eb6e9020
Make PKI root generation idempotent-ish and add delete endpoint. ( #3165 )
2017-08-15 14:00:40 -04:00
Vishal Nayak
58b68dc35e
doc: PKI API table of contents ( #2756 )
...
* Add a table of contents for api/secret/pki
* Fix the read certificate link
2017-05-23 09:19:47 -04:00
mhristof
df325288ac
fix format for secret/pki ( #2668 )
2017-05-02 07:52:55 -04:00
Justin Gerace
403efeb5ae
Add globbing support to the PKI backend's allowed_domains list ( #2517 )
2017-05-01 10:40:18 -04:00
Jeff Mitchell
4995c69763
Update sign-verbatim to correctly set generate_lease ( #2593 )
2017-04-18 15:54:31 -04:00
Jeff Mitchell
d5f5ecf0ab
Remove allow_token_displayname from docs as we don't support that any longer
2017-04-17 17:25:44 -04:00
Shivaram Lingamneni
2117dfd717
implement a no_store option for pki roles ( #2565 )
2017-04-07 11:25:47 -07:00
Paul Cichonski
75e531e8aa
fix typo in pki api doc
2017-04-02 17:02:11 -04:00
Seth Vargo
d4390d103e
/docs/http -> /api
2017-03-17 14:06:03 -04:00