WPIA git - nre.git/log
INOPIAE [Tue, 2 Apr 2019 08:49:32 +0000 (10:49 +0200)]
upd: correct starting date of certificate
Change-Id: Ibfb2aca6a501e7b0919dcc3bdf9dfa360aa55ab2
INOPIAE [Thu, 7 Mar 2019 04:53:07 +0000 (05:53 +0100)]
upd: change times to meet criteria from RFC5280
"CAs conforming to this profile MUST always encode certificate
validity dates through the year 2049 as UTCTime ("YYMMDDhhmm[ss]Z");
certificate validity dates in 2050 or later MUST be encoded as
GeneralizedTime ("YYYYMMDDHH[MM[SS[.fff]]]")."
Change-Id: I3cb9378984b5c5fefa708f0d073850d10acec286
INOPIAE [Fri, 30 Nov 2018 12:48:36 +0000 (13:48 +0100)]
upd: change period to validity of 24 months
It should be 24 months after the last use to sign a new certificate.
Change-Id: Ia9be3c43220ba612bd0d46040b7dffc42f0bfa83
Felix Dörre [Tue, 27 Jun 2017 22:50:26 +0000 (00:50 +0200)]
upd: generic OCSP profile for correct OCSP certs
Change-Id: Id3c7c9dde217cc6922afca82d45f894daccce513
Lucas Werkmeister [Thu, 23 Mar 2017 21:44:34 +0000 (22:44 +0100)]
upd: extract Distinguished Name fields, document config
Change-Id: I5d838b9c82a306ad2c3b62c865282e5fdec5ecc2
Lucas Werkmeister [Wed, 22 Mar 2017 18:24:10 +0000 (19:24 +0100)]
upd: remove CAcert, generally improve README.md
Still to do, but not in this commit: extract all remaining strings like
“WPIA root” or “Test Environment” into a single file and then document
clearly in the README.md which one file should be edited or created to
put the correct information in the certificates.
Change-Id: Ic1cb0dd1fffc2bf297ab9020fa8713b9efcba868
Felix Dörre [Thu, 5 Jan 2017 19:58:39 +0000 (20:58 +0100)]
restrict non-verified profiles to 6 months
Change-Id: I901e78234d5f11e85f60d0c8ea10ebb476d857e8
Felix Dörre [Thu, 5 Jan 2017 19:51:52 +0000 (20:51 +0100)]
add: generate htdocs-archives
Change-Id: I2302356baa00a7c929a1a94f659fb661ffe6caad
Felix Dörre [Fri, 16 Dec 2016 11:23:54 +0000 (12:23 +0100)]
add: OCSP signing profiles
Generated By:
(. ../structure.bash; i=0; for ca in ${STRUCT_CAS[@]}; do i=$((i+1)); cat <<EOF > $(printf '01%02d-ocsp-%s.cfg' $i $ca); done)
ca=$ca
ku=digitalSignature
eku=OCSPSigning
days=732
include=orga,domain,noOCSP
requires=points>=100,ocsp
name=ocsp ($ca)
EOF
Change-Id: I303db0157ef0afeb2b08fdef2e8df9c139c5f5c2
Felix Dörre [Fri, 16 Dec 2016 16:39:51 +0000 (17:39 +0100)]
upd: remove remainders of env-CA
Change-Id: Ib6077b5da1475b273f3fcbe44f4581ef597cf6d5
Felix Dörre [Fri, 16 Dec 2016 11:23:12 +0000 (12:23 +0100)]
remove remainders of env-CA
Change-Id: I8e88f461594208ab6b85e1bf227336679d8e353c
Lucas Werkmeister [Fri, 22 Apr 2016 18:44:52 +0000 (20:44 +0200)]
Use Bash arrays instead of word splitting
Just in case we ever want to use spaces in any of those places.
Felix Dörre [Fri, 22 Apr 2016 16:01:12 +0000 (18:01 +0200)]
del: also do not collect gigi keys
as they are not generated anymore
Felix Dörre [Fri, 22 Apr 2016 15:53:28 +0000 (17:53 +0200)]
del: remaining of infra-keys
Felix Dörre [Fri, 22 Apr 2016 15:46:11 +0000 (17:46 +0200)]
del: remove the special role of the 'env'-CA
Lucas Werkmeister [Fri, 22 Apr 2016 16:00:55 +0000 (18:00 +0200)]
Allow finding libfaketime in multiple locations
The install location of libfaketime varies across distributions.
Lucas Werkmeister [Tue, 12 Apr 2016 12:44:53 +0000 (14:44 +0200)]
Add generated to .gitignore
Lucas Werkmeister [Mon, 11 Apr 2016 18:41:51 +0000 (20:41 +0200)]
Untabify shell scripts
find -type f \( -executable -or -name '*.bash' \) \
-exec sed -i 's/\t/ /g' {} +
Lucas Werkmeister [Mon, 11 Apr 2016 18:31:43 +0000 (20:31 +0200)]
Rename shell scripts
The usual convention is to have no file name extension for executable
scripts, and to name library scripts according to their shell (here:
.bash). The rationale for the first part is that users do not need to
know whether a program is a shell script or not, and this allows one to
rewrite the program in a different language (interpreted or compiled)
without having to update anything that refers to the program name
(documentation, crontab, etc.).
In this case, the file name extensions were also misleading, since the
scripts have a Bash shebang and use Bash features. If a user, based on
the file name extension, had tried to run a script as `sh all.sh`, it
would not have worked.
Citation: Google Shell Style Guide,
https://google.github.io/styleguide/shell.xml#File_Extensions
Felix Dörre [Mon, 11 Apr 2016 15:39:08 +0000 (17:39 +0200)]
fix: README.md all.sh now requires parameters
Felix Dörre [Mon, 21 Dec 2015 13:40:17 +0000 (14:40 +0100)]
upd: parametrize all.sh
Felix Dörre [Mon, 21 Dec 2015 13:40:06 +0000 (14:40 +0100)]
upd: verify new extensions
Felix Dörre [Thu, 5 Nov 2015 13:48:21 +0000 (14:48 +0100)]
make htdocs structure consistent
Felix Dörre [Sat, 3 Oct 2015 12:39:07 +0000 (14:39 +0200)]
moving OIDs down one layer to include the root cert's generation '2'
Felix Dörre [Sat, 3 Oct 2015 11:40:11 +0000 (13:40 +0200)]
upd: generate drop-in-able configs for gigi
Felix Dörre [Sat, 3 Oct 2015 10:17:28 +0000 (12:17 +0200)]
marking extensions critical, adding CPS-identifiers, adding Country
Felix Dörre [Sun, 23 Aug 2015 06:41:25 +0000 (08:41 +0200)]
upd: find libfaketime platform independently
Felix Dörre [Sat, 22 Aug 2015 22:22:38 +0000 (00:22 +0200)]
upd: encrypt the CRLs, do not compress offline data before encrypting, add summary
Felix Dörre [Tue, 14 Jul 2015 20:57:01 +0000 (22:57 +0200)]
output date, when procedure starts
Felix Dörre [Tue, 26 May 2015 14:42:56 +0000 (16:42 +0200)]
fix: use better friendly names in pkcs12-files
Felix Dörre [Tue, 26 May 2015 14:00:00 +0000 (16:00 +0200)]
collect gigi keys
Janis Streib [Wed, 20 May 2015 16:36:51 +0000 (18:36 +0200)]
ADD: Execution permissions to collectGigiConfig.sh
Felix Dörre [Thu, 14 May 2015 22:37:01 +0000 (00:37 +0200)]
upd: orga-requires has wrong keys
Felix Dörre [Thu, 14 May 2015 21:51:58 +0000 (23:51 +0200)]
adding unpack offline, fixing pkcs12 (which requires libfaketime)
Felix Dörre [Thu, 14 May 2015 21:48:29 +0000 (23:48 +0200)]
adding displayname to profiles
Felix Dörre [Wed, 13 May 2015 16:14:24 +0000 (18:14 +0200)]
adding stuff-collection
Felix Dörre [Tue, 12 May 2015 17:03:15 +0000 (19:03 +0200)]
add: collecting gigi config
Felix Dörre [Tue, 12 May 2015 17:01:59 +0000 (19:01 +0200)]
move generated to own folder + permissions
Felix Dörre [Tue, 12 May 2015 16:29:19 +0000 (18:29 +0200)]
using DOMAIN for AIA-urls
Felix Dörre [Sat, 2 May 2015 12:20:13 +0000 (14:20 +0200)]
Adding crl generation to all.sh
Felix Dörre [Sat, 2 May 2015 11:36:31 +0000 (13:36 +0200)]
add CRLs generation and collection
Felix Dörre [Thu, 23 Apr 2015 16:59:42 +0000 (18:59 +0200)]
upd: clarify profile syntax
Felix Dörre [Wed, 22 Apr 2015 19:37:28 +0000 (21:37 +0200)]
Add: requires and includes for orga profiles
Felix Dörre [Wed, 22 Apr 2015 19:29:43 +0000 (21:29 +0200)]
ADD: include and requires property for profiles
Felix Dörre [Mon, 20 Apr 2015 17:56:19 +0000 (19:56 +0200)]
consistency generate -> verify -> collect
Felix Dörre [Mon, 20 Apr 2015 17:48:28 +0000 (19:48 +0200)]
...: Minor fixes
Felix Dörre [Tue, 7 Apr 2015 19:04:59 +0000 (21:04 +0200)]
UPD: better start+endtime for time-certs
Felix Dörre [Tue, 7 Apr 2015 13:44:07 +0000 (15:44 +0200)]
Add: script for collection of files to publish via other http
Felix Dörre [Tue, 7 Apr 2015 08:09:44 +0000 (10:09 +0200)]
minor fixup in doc-odt
Felix Dörre [Tue, 7 Apr 2015 08:03:04 +0000 (10:03 +0200)]
add: collect files for crt server htdocs
Felix Dörre [Tue, 7 Apr 2015 07:50:58 +0000 (09:50 +0200)]
upd: verify more closely
Felix Dörre [Tue, 7 Apr 2015 00:05:13 +0000 (02:05 +0200)]
Adding certificate Profiles to documentation
Felix Dörre [Tue, 7 Apr 2015 00:04:49 +0000 (02:04 +0200)]
several fixes on certificate profiles
Felix Dörre [Mon, 6 Apr 2015 23:44:12 +0000 (01:44 +0200)]
FIX: minor cert structure fixups
Felix Dörre [Mon, 6 Apr 2015 21:52:30 +0000 (23:52 +0200)]
Add: Proposal document for Roots Structure
Felix Dörre [Sun, 5 Apr 2015 09:57:42 +0000 (11:57 +0200)]
Fixing times, doing full times where possible
Felix Dörre [Sun, 5 Apr 2015 09:26:43 +0000 (11:26 +0200)]
adding multiple time-CAs per year
Felix Dörre [Fri, 3 Apr 2015 22:46:33 +0000 (00:46 +0200)]
cleanup shellscripts + README.md
Felix Dörre [Fri, 3 Apr 2015 21:48:08 +0000 (23:48 +0200)]
add: generate cassiopeia server config
Felix Dörre [Fri, 3 Apr 2015 21:37:47 +0000 (23:37 +0200)]
Add: generating signerClientConfig
Felix Dörre [Fri, 3 Apr 2015 21:11:37 +0000 (23:11 +0200)]
UPD: better generation structure. Better 'time'-structure.
Felix Dörre [Fri, 3 Apr 2015 19:20:27 +0000 (21:20 +0200)]
adding general (simple) structure and profiles