Commit graph

35 commits

Author SHA1 Message Date
Jim Kalafut 7b7f1cc7ff
Add ttl parameter to pki api docs (#5063) 2018-08-08 09:12:14 -07:00
dmicanzerofox a3d067c00b PKI Tidy Revocation List optionally Tidy Revoked Certs that are Unexpired (#4916) 2018-07-13 09:32:32 -04:00
Jeff Mitchell 935c045cfa
Fix permitted dns domain handling (#4905)
It should not require a period to indicate subdomains being allowed

Fixes #4863
2018-07-11 12:44:49 -04:00
Mr Talbot 5551a63221 pki: add ext_key_usage to mirror key_usage and add to sign-verbatim (#4777)
* pki: add ext_key_usage parameter to role

* pki: add key_usage and ext_key_usage parameter to sign-verbatim

* pki: cleanup code as per comments
2018-06-15 18:20:43 -04:00
Jeff Mitchell 91ca3d4b7f
Add URI SANs (#4767) 2018-06-15 15:32:25 -04:00
Jeff Mitchell 3a568b6175 Update key_type parameter description 2018-05-19 12:20:37 -04:00
Matthew Irish cff34e983f
UI - pki updates (#4291)
* add require_cn to pki roles
* add policy_identifiers and basic_constraints_valid_for_non_ca to pki role form
* add new fields to the PKI docs
* add add_basic_constraints field
2018-04-08 21:09:29 -05:00
Seth Vargo 0b827774ae Drop vault.rocks (#4186) 2018-03-23 11:41:51 -04:00
Jeff Mitchell 9d030aaf37 Note that you can set a CA chain when using set-signed.
Fixes #2246
2018-03-19 19:44:07 -04:00
Jeff Mitchell f29bde0052
Support other names in SANs (#3889) 2018-02-16 17:19:34 -05:00
Vishal Nayak 80ffd07b8b added a flag to make common name optional if desired (#3940)
* added a flag to make common name optional if desired

* Cover one more case where cn can be empty

* remove skipping when empty; instead check for emptiness before calling validateNames

* Add verification before adding to DNS names to also fix #3918
2018-02-09 13:42:19 -05:00
Jeff Mitchell d1803098ae Merge branch 'master-oss' into sethvargo/cli-magic 2018-01-03 14:02:31 -05:00
dmwilcox 39dd122663 Update docs to reflect ability to load cold CA certs to output full chains. (#3740) 2018-01-03 10:59:18 -05:00
Chris Hoffman 3b0ba609b2
Converting key_usage and allowed_domains in PKI to CommaStringSlice (#3621) 2017-12-11 13:13:35 -05:00
Paulo Ribeiro 0ee55dde52 Remove duplicate link in ToC (#3671) 2017-12-11 12:52:58 -05:00
Jeff Mitchell b5d21ebdae
Cross reference pki/cert in a few places. 2017-12-11 11:10:28 -05:00
Mohsen 2aa576149c Small typo relating to no_store in pki secret backend (#3662)
* Removed typo :)

* Corrected typo in the website related to no_store
2017-12-07 10:40:21 -05:00
Jeff Mitchell 17310654a1
Add PKCS8 marshaling to PKI (#3518) 2017-11-06 12:05:07 -05:00
Seth Vargo 51a27b758b
Resolve the most painful merge conflict known on earth 2017-10-24 09:34:12 -04:00
Seth Vargo 2982fdf7ca
Remove ?list examples
They are documented in the overall API section, but people should get used to seeing LIST as a verb
2017-10-24 09:32:15 -04:00
Martins Sipenko a2808db1af Fix docs (#3449) 2017-10-11 11:29:26 -04:00
Jeff Mitchell e3ce60eb1f Allow entering PKI URLs as arrays. (#3409)
Fixes #3407
2017-10-03 16:13:57 -04:00
Jeff Mitchell cb6ac1e926 Change behavior of TTL in sign-intermediate (#3325)
* Fix using wrong public key in sign-self-issued

* Change behavior of TTL in sign-intermediate

This allows signing CA certs with an expiration past the signer's
NotAfter.

It also change sign-self-issued to replace the Issuer, since it's
potentially RFC legal but stacks won't validate it.

Ref: https://groups.google.com/d/msg/vault-tool/giP69-n2o20/FfhRpW1vAQAJ
2017-09-13 11:42:45 -04:00
Jeff Mitchell abb2ab2918 Add pki/root/sign-self-issued. (#3274)
* Add pki/root/sign-self-issued.

This is useful for root CA rolling, and is also suitably dangerous.

Along the way I noticed we weren't setting the authority key IDs
anywhere, so I addressed that.

* Add tests
2017-08-31 23:07:15 -04:00
Chris Hoffman 27598ce960 Add GET variant on LIST endpoints (#3232) 2017-08-23 17:59:22 -04:00
Jeff Mitchell 340fe4e609 Add permitted dns domains to pki (#3164) 2017-08-15 16:10:36 -04:00
Jeff Mitchell e4eb6e9020 Make PKI root generation idempotent-ish and add delete endpoint. (#3165) 2017-08-15 14:00:40 -04:00
Vishal Nayak 58b68dc35e doc: PKI API table of contents (#2756)
* Add a table of contents for api/secret/pki

* Fix the read certificate link
2017-05-23 09:19:47 -04:00
mhristof df325288ac fix format for secret/pki (#2668) 2017-05-02 07:52:55 -04:00
Justin Gerace 403efeb5ae Add globbing support to the PKI backend's allowed_domains list (#2517) 2017-05-01 10:40:18 -04:00
Jeff Mitchell 4995c69763 Update sign-verbatim to correctly set generate_lease (#2593) 2017-04-18 15:54:31 -04:00
Jeff Mitchell d5f5ecf0ab Remove allow_token_displayname from docs as we don't support that any longer 2017-04-17 17:25:44 -04:00
Shivaram Lingamneni 2117dfd717 implement a no_store option for pki roles (#2565) 2017-04-07 11:25:47 -07:00
Paul Cichonski 75e531e8aa fix typo in pki api doc 2017-04-02 17:02:11 -04:00
Seth Vargo d4390d103e
/docs/http -> /api 2017-03-17 14:06:03 -04:00
Renamed from website/source/docs/http/secret/pki/index.html.md (Browse further)