Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | SSLCA: Verify all certs | Alexander Sulfrian | 2022-02-14 | 1 | -9/+11 |
| | | | | | Even verify self signed certificates to recreate the certificate if it is expired. | ||||
* | SSLCA: Allow to create self signed certificates | Alexander Sulfrian | 2022-02-14 | 1 | -10/+16 |
| | |||||
* | SSLCA: root_ca is a BooleanOption | Alexander Sulfrian | 2022-01-30 | 1 | -2/+1 |
| | | | | This will fix: 'bool' object has no attribute 'lower' | ||||
* | SSLCA: Fix certificate validation | Alexander Sulfrian | 2022-01-16 | 1 | -7/+4 |
| | | | | | | | | | | | We should favour "-trusted" over "-CAfile" because it will skip the system-wide CAs and ensure that the certificate is relay validated against the specified CA. For validation against an intermediate certificate, only an additional "-partial_chain" is required. With "-untrusted" we previously added an unstrusted intermediate certificate only and validated the cert against default system wide installed CAs. | ||||
* | Rewrote SSLCA as Cfg handler. | Chris St. Pierre | 2013-08-13 | 1 | -0/+255 |
This adds encryption support to SSL key creation (much like SSH private keys), and the ability to generate keys and certs that are specific to groups, instead of just to hosts. It also moves the SSLCA data (the XML files describing keys and certs as well as the keys and certs themselves) into the Cfg tree, rather than off in their own separate place. tools/upgrade/1.4/migrate_sslca.py can be used to migrate to the new format. This also adds XMLCfgCreator, a CfgCreator that makes it easier to create data based on XML descriptions of it (which is exactly what the SSH key and SSL CA creators do), including built-in support for host- and group-specific data, encryption, and so on. |