gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-10 11:08:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(m27): certificate export (PEM/PKCS#12) and S/MIME EKU support

Browse Source 
Add certificate export in PEM (JSON or file download) and PKCS#12 formats.
Private keys are never included — they stay on agents. Add EKU-aware
issuance threading profile EKUs (serverAuth, clientAuth, codeSigning,
emailProtection, timeStamping) through the full issuance pipeline. Fix
agent CSR SAN splitting for email addresses, adaptive KeyUsage flags for
S/MIME vs TLS, and a pre-existing generateID collision bug in deployment
job creation.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
shankar0123
2026-03-28 16:16:19 -04:00
parent 78c7bc16b0
commit a00bb349c4
26 changed files with 1354 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files
migrations/seed_demo.sql
+8
View File
@@ -87,6 +87,14 @@ INSERT INTO certificate_profiles (id, name, description, allowed_key_algorithms,
4060800, -- 47 days (Ballot SC-081v3 target)
'["serverAuth"]'::jsonb,
'[".*\\.example\\.com$"]'::jsonb,
'', false, true, NOW(), NOW()),
('prof-smime', 'S/MIME Email',
'S/MIME certificate profile for email signing and encryption. Requires emailProtection EKU.',
'[{"algorithm": "ECDSA", "min_size": 256}, {"algorithm": "RSA", "min_size": 2048}]'::jsonb,
31536000, -- 365 days
'["emailProtection"]'::jsonb,
'[]'::jsonb,
'', false, true, NOW(), NOW())
ON CONFLICT (id) DO NOTHING;