nre.git
14 months ago upd: adjust duration of server certificates master
INOPIAE [Wed, 15 Jul 2020 04:26:22 +0000 (06:26 +0200)]
upd: adjust duration of server certificates

Adjustment is needed to match current requirements of browsers to have
server certificates with a duration not longer than one year.

Change-Id: I5c047d2e5e86939724842a95a4095bbb3cd5920b

2 years ago upd: correct starting date of certificate
INOPIAE [Tue, 2 Apr 2019 08:49:32 +0000 (10:49 +0200)]
upd: correct starting date of certificate

Change-Id: Ibfb2aca6a501e7b0919dcc3bdf9dfa360aa55ab2

2 years ago upd: change times to meet criteria from RFC5280
INOPIAE [Thu, 7 Mar 2019 04:53:07 +0000 (05:53 +0100)]
upd: change times to meet criteria from RFC5280

"CAs conforming to this profile MUST always encode certificate
validity dates through the year 2049 as UTCTime ("YYMMDDhhmm[ss]Z");
certificate validity dates in 2050 or later MUST be encoded as
GeneralizedTime ("YYYYMMDDHH[MM[SS[.fff]]]")."

Change-Id: I3cb9378984b5c5fefa708f0d073850d10acec286

2 years ago upd: change period to validity of 24 months
INOPIAE [Fri, 30 Nov 2018 12:48:36 +0000 (13:48 +0100)]
upd: change period to validity of 24 months

It should be 24 months after the last use to sign a new certificate.

Change-Id: Ia9be3c43220ba612bd0d46040b7dffc42f0bfa83

4 years ago upd: generic OCSP profile for correct OCSP certs
Felix Dörre [Tue, 27 Jun 2017 22:50:26 +0000 (00:50 +0200)]
upd: generic OCSP profile for correct OCSP certs

Change-Id: Id3c7c9dde217cc6922afca82d45f894daccce513

4 years ago upd: extract Distinguished Name fields, document config
Lucas Werkmeister [Thu, 23 Mar 2017 21:44:34 +0000 (22:44 +0100)]
upd: extract Distinguished Name fields, document config

Change-Id: I5d838b9c82a306ad2c3b62c865282e5fdec5ecc2

4 years ago upd: remove CAcert, generally improve README.md
Lucas Werkmeister [Wed, 22 Mar 2017 18:24:10 +0000 (19:24 +0100)]
upd: remove CAcert, generally improve README.md

Still to do, but not in this commit: extract all remaining strings like
“WPIA root” or “Test Environment” into a single file and then document
clearly in the README.md which one file should be edited or created to
put the correct information in the certificates.

Change-Id: Ic1cb0dd1fffc2bf297ab9020fa8713b9efcba868

4 years ago restrict non-verified profiles to 6 months
Felix Dörre [Thu, 5 Jan 2017 19:58:39 +0000 (20:58 +0100)]
restrict non-verified profiles to 6 months

Change-Id: I901e78234d5f11e85f60d0c8ea10ebb476d857e8

4 years ago add: generate htdocs-archives
Felix Dörre [Thu, 5 Jan 2017 19:51:52 +0000 (20:51 +0100)]
add: generate htdocs-archives

Change-Id: I2302356baa00a7c929a1a94f659fb661ffe6caad

4 years ago add: OCSP signing profiles
Felix Dörre [Fri, 16 Dec 2016 11:23:54 +0000 (12:23 +0100)]
add: OCSP signing profiles

Generated By:
(. ../structure.bash; i=0; for ca in ${STRUCT_CAS[@]}; do i=$((i+1)); cat <<EOF > $(printf '01%02d-ocsp-%s.cfg' $i $ca); done)
ca=$ca
ku=digitalSignature
eku=OCSPSigning
days=732
include=orga,domain,noOCSP
requires=points>=100,ocsp
name=ocsp ($ca)
EOF

Change-Id: I303db0157ef0afeb2b08fdef2e8df9c139c5f5c2

4 years ago upd: remove remainders of env-CA
Felix Dörre [Fri, 16 Dec 2016 16:39:51 +0000 (17:39 +0100)]
upd: remove remainders of env-CA

Change-Id: Ib6077b5da1475b273f3fcbe44f4581ef597cf6d5

4 years ago remove remainders of env-CA
Felix Dörre [Fri, 16 Dec 2016 11:23:12 +0000 (12:23 +0100)]
remove remainders of env-CA

Change-Id: I8e88f461594208ab6b85e1bf227336679d8e353c

5 years ago Use Bash arrays instead of word splitting
Lucas Werkmeister [Fri, 22 Apr 2016 18:44:52 +0000 (20:44 +0200)]
Use Bash arrays instead of word splitting

Just in case we ever want to use spaces in any of those places.

5 years ago del: also do not collect gigi keys
Felix Dörre [Fri, 22 Apr 2016 16:01:12 +0000 (18:01 +0200)]
del: also do not collect gigi keys

as they are not generated anymore

5 years ago del: remaining of infra-keys
Felix Dörre [Fri, 22 Apr 2016 15:53:28 +0000 (17:53 +0200)]
del: remaining of infra-keys

5 years ago del: remove the special role of the 'env'-CA
Felix Dörre [Fri, 22 Apr 2016 15:46:11 +0000 (17:46 +0200)]
del: remove the special role of the 'env'-CA

5 years ago Allow finding libfaketime in multiple locations
Lucas Werkmeister [Fri, 22 Apr 2016 16:00:55 +0000 (18:00 +0200)]
Allow finding libfaketime in multiple locations

The install location of libfaketime varies across distributions.

5 years ago Add generated to .gitignore
Lucas Werkmeister [Tue, 12 Apr 2016 12:44:53 +0000 (14:44 +0200)]
Add generated to .gitignore

5 years ago Untabify shell scripts
Lucas Werkmeister [Mon, 11 Apr 2016 18:41:51 +0000 (20:41 +0200)]
Untabify shell scripts

    find -type f -\( -executable -or -name '*.bash' -\) \
        -exec sed -i 's/\t/        /g' {} +

5 years ago Rename shell scripts
Lucas Werkmeister [Mon, 11 Apr 2016 18:31:43 +0000 (20:31 +0200)]
Rename shell scripts

The usual convention is to have no file name extension for executable
scripts, and to name library scripts according to their shell (here:
.bash). The rationale for the first part is that users do not need to
know whether a program is a shell script or not, and this allows one to
rewrite the program in a different language (interpreted or compiled)
without having to update anything that refers to the program name
(documentation, crontab, etc.).

In this case, the file name extensions were also misleading, since the
scripts have a Bash shebang and use Bash features. If a user, based on
the file name extension, had tried to run a script as `sh all.sh`, it
would not have worked.

Citation: Google Shell Style Guide,
https://google.github.io/styleguide/shell.xml#File_Extensions

5 years ago fix: README.md all.sh now requires parameters
Felix Dörre [Mon, 11 Apr 2016 15:39:08 +0000 (17:39 +0200)]
fix: README.md all.sh now requires parameters

5 years ago upd: parametrize all.sh
Felix Dörre [Mon, 21 Dec 2015 13:40:17 +0000 (14:40 +0100)]
upd: parametrize all.sh

5 years ago upd: verify new extensions
Felix Dörre [Mon, 21 Dec 2015 13:40:06 +0000 (14:40 +0100)]
upd: verify new extensions

5 years ago make htdocs structure consistent
Felix Dörre [Thu, 5 Nov 2015 13:48:21 +0000 (14:48 +0100)]
make htdocs structure consistent

5 years ago moving OIDs down one layer to include the root cert's generation '2'
Felix Dörre [Sat, 3 Oct 2015 12:39:07 +0000 (14:39 +0200)]
moving OIDs down one layer to include the root cert's generation '2'

5 years ago upd: generate drop-in-able configs for gigi
Felix Dörre [Sat, 3 Oct 2015 11:40:11 +0000 (13:40 +0200)]
upd: generate drop-in-able configs for gigi

5 years ago marking extensions critical, adding CPS-identifiers, adding Country
Felix Dörre [Sat, 3 Oct 2015 10:17:28 +0000 (12:17 +0200)]
marking extensions critical, adding CPS-identifiers, adding Country

6 years ago upd: find libfaketime platform independently
Felix Dörre [Sun, 23 Aug 2015 06:41:25 +0000 (08:41 +0200)]
upd: find libfaketime platform independently

6 years ago upd: encrypt the CRLs, do not compress offline data before crypting, add summary
Felix Dörre [Sat, 22 Aug 2015 22:22:38 +0000 (00:22 +0200)]
upd: encrypt the CRLs, do not compress offline data before crypting, add summary

6 years ago output date, when procedure starts
Felix Dörre [Tue, 14 Jul 2015 20:57:01 +0000 (22:57 +0200)]
output date, when procedure starts

6 years ago fix: use better friendly names in pkcs12-files
Felix Dörre [Tue, 26 May 2015 14:42:56 +0000 (16:42 +0200)]
fix: use better friendly names in pkcs12-files

6 years ago collect gigi keys
Felix Dörre [Tue, 26 May 2015 14:00:00 +0000 (16:00 +0200)]
collect gigi keys

6 years ago ADD: Execution permissions to collectGigiConfig.sh
Janis Streib [Wed, 20 May 2015 16:36:51 +0000 (18:36 +0200)]
ADD: Execution permissions to collectGigiConfig.sh

6 years ago upd: orga-requires has wrong keys
Felix Dörre [Thu, 14 May 2015 22:37:01 +0000 (00:37 +0200)]
upd: orga-requires has wrong keys

6 years ago adding unpack offline, fixing pkcs12 (which requires libfaketime)
Felix Dörre [Thu, 14 May 2015 21:51:58 +0000 (23:51 +0200)]
adding unpack offline, fixing pkcs12 (which requires libfaketime)

6 years ago adding displayname to profiles
Felix Dörre [Thu, 14 May 2015 21:48:29 +0000 (23:48 +0200)]
adding displayname to profiles

6 years ago adding stuff-collection
Felix Dörre [Wed, 13 May 2015 16:14:24 +0000 (18:14 +0200)]
adding stuff-collection

6 years ago add: collecting gigi config
Felix Dörre [Tue, 12 May 2015 17:03:15 +0000 (19:03 +0200)]
add: collecting gigi config

6 years ago move generated to own folder + permissions
Felix Dörre [Tue, 12 May 2015 17:01:59 +0000 (19:01 +0200)]
move generated to own folder + permissions

6 years ago using DOMAIN for AIA-urls
Felix Dörre [Tue, 12 May 2015 16:29:19 +0000 (18:29 +0200)]
using DOMAIN for AIA-urls

6 years ago Adding crl generation to all.sh
Felix Dörre [Sat, 2 May 2015 12:20:13 +0000 (14:20 +0200)]
Adding crl generation to all.sh

6 years ago add CRLs generation and collection
Felix Dörre [Sat, 2 May 2015 11:36:31 +0000 (13:36 +0200)]
add CRLs generation and collection

6 years ago upd: clarify profile syntax
Felix Dörre [Thu, 23 Apr 2015 16:59:42 +0000 (18:59 +0200)]
upd: clarify profile syntax

6 years ago Add: requires and includes for orga profiles
Felix Dörre [Wed, 22 Apr 2015 19:37:28 +0000 (21:37 +0200)]
Add: requires and includes for orga profiles

6 years ago ADD: include and requires property for profiles
Felix Dörre [Wed, 22 Apr 2015 19:29:43 +0000 (21:29 +0200)]
ADD: include and requires property for profiles

6 years ago consistency generate -> verify -> collect
Felix Dörre [Mon, 20 Apr 2015 17:56:19 +0000 (19:56 +0200)]
consistency generate -> verify -> collect

6 years ago ...: Minor fixes
Felix Dörre [Mon, 20 Apr 2015 17:48:28 +0000 (19:48 +0200)]
...: Minor fixes

6 years ago UPD: better start+endtime for time-certs
Felix Dörre [Tue, 7 Apr 2015 19:04:59 +0000 (21:04 +0200)]
UPD: better start+endtime for time-certs

6 years ago Add: script for collection of files to publish via other http
Felix Dörre [Tue, 7 Apr 2015 13:44:07 +0000 (15:44 +0200)]
Add: script for collection of files to publish via other http

6 years ago minor fixup in doc-odt
Felix Dörre [Tue, 7 Apr 2015 08:09:44 +0000 (10:09 +0200)]
minor fixup in doc-odt

6 years ago add: collect files for crt server htdocs
Felix Dörre [Tue, 7 Apr 2015 08:03:04 +0000 (10:03 +0200)]
add: collect files for crt server htdocs

6 years ago upd: verify more closely
Felix Dörre [Tue, 7 Apr 2015 07:50:58 +0000 (09:50 +0200)]
upd: verify more closely

6 years ago Adding certificate Profiles to documentation
Felix Dörre [Tue, 7 Apr 2015 00:05:13 +0000 (02:05 +0200)]
Adding certificate Profiles to documentation

6 years ago several fixes on certificate profiles
Felix Dörre [Tue, 7 Apr 2015 00:04:49 +0000 (02:04 +0200)]
several fixes on certificate profiles

6 years ago FIX: minor cert structure fixups
Felix Dörre [Mon, 6 Apr 2015 23:44:12 +0000 (01:44 +0200)]
FIX: minor cert structure fixups

6 years ago Add: Proposal document for Roots Structure
Felix Dörre [Mon, 6 Apr 2015 21:52:30 +0000 (23:52 +0200)]
Add: Proposal document for Roots Structure

6 years ago Fixing times, doing full times where possible
Felix Dörre [Sun, 5 Apr 2015 09:57:42 +0000 (11:57 +0200)]
Fixing times, doing full times where possible

6 years ago adding multiple time-CAs per year
Felix Dörre [Sun, 5 Apr 2015 09:26:43 +0000 (11:26 +0200)]
adding multiple time-CAs per year

6 years ago cleanup shellscripts + README.md
Felix Dörre [Fri, 3 Apr 2015 22:46:33 +0000 (00:46 +0200)]
cleanup shellscripts + README.md

6 years ago add: generate cassiopeia server config
Felix Dörre [Fri, 3 Apr 2015 21:48:08 +0000 (23:48 +0200)]
add: generate cassiopeia server config

6 years ago Add: generating signerClientConfig
Felix Dörre [Fri, 3 Apr 2015 21:37:47 +0000 (23:37 +0200)]
Add: generating signerClientConfig

6 years ago UPD: better generation structure. Better 'time'-structure.
Felix Dörre [Fri, 3 Apr 2015 21:11:37 +0000 (23:11 +0200)]
UPD: better generation structure. Better 'time'-structure.

6 years ago adding general (simple) structure and profiles
Felix Dörre [Fri, 3 Apr 2015 19:20:27 +0000 (21:20 +0200)]
adding general (simple) structure and profiles