Commit Graph

  • 633a10aa4e secret: add Ref opaque-credential abstraction (Phase 1) shankar0123 2026-05-02 02:22:07 +00:00
  • 711265b652 asyncpoll: shared bounded-polling Poller + DigiCert refactor (Phase 1) shankar0123 2026-05-02 02:18:50 +00:00
  • 74d6b462a4 metrics: gofmt issuance_metrics_test.go — fix CI shankar0123 2026-05-02 01:27:33 +00:00
  • 3b92048242 metrics: add per-issuer-type issuance counters, histogram, and failure classifier shankar0123 2026-05-02 00:39:25 +00:00
  • b0efdbe2f8 repo,service: introduce WithinTx and atomic audit rows for issue/renew/revoke shankar0123 2026-05-02 00:29:09 +00:00
  • 3669556e57 ejbca: wire mTLS client cert in New() shankar0123 2026-05-02 00:08:24 +00:00
  • 804a1b05ce awsacmpca: thread ctx through factory + registry — fix CI contextcheck shankar0123 2026-05-01 23:27:25 +00:00
  • 590f654b0d awsacmpca: replace stub client with AWS SDK v2 implementation shankar0123 2026-05-01 23:13:59 +00:00
  • b3aad02232 chore(README): remove the second Scarf pixel — analytics consolidated to certctl.io shankar0123 2026-05-01 20:59:22 +00:00
  • 6a5cfb3d01 chore(README): remove duplicative Scarf pixel — moved to certctl.io shankar0123 2026-05-01 06:02:23 +00:00
  • dcd82d062f docs: convert all 9 ASCII diagrams to mermaid shankar0123 2026-05-01 05:09:00 +00:00
  • 2643a427ac ci(digest-validity): exclude Windows IIS digest — image is doc-only, not pulled by Linux CI shankar0123 2026-05-01 03:06:49 +00:00
  • a1c7741e1b fix(deploy/test) + ci(guard): drop dead SCEP profile from test compose shankar0123 2026-05-01 01:39:18 +00:00
  • e06447b763 Revert CodeQL custom config + sanitizer model — leave alert #23 open shankar0123 2026-05-01 01:28:54 +00:00
  • 482e952dde ci(codeql): rewire local model pack discovery — fix 1122f5a silent no-op shankar0123 2026-05-01 01:08:48 +00:00
  • c4157fd196 fix(deploy/test) + ci(guard): unblock deploy-vendor-e2e — encryption-key length shankar0123 2026-05-01 00:57:43 +00:00
  • 1122f5a097 ci(codeql): teach analyzer about ValidateSafeURL SSRF barrier shankar0123 2026-05-01 00:28:26 +00:00
  • 3b96b3561c ci: dump container logs on deploy-vendor-e2e failure v2.0.67 shankar0123 2026-04-30 23:37:05 +00:00
  • c8624a7fae fix(deploy/test): libest IP collision with tls-init (10.30.50.9 → 10.30.50.10) shankar0123 2026-04-30 23:36:54 +00:00
  • 7e0a7deeff fix(deploy/test/libest): drop make-time CFLAGS/LDFLAGS pass-through shankar0123 2026-04-30 23:21:59 +00:00
  • f7ee64bd79 fix(deploy/test/libest): CFLAGS=-fcommon + LDFLAGS=--allow-multiple-definition shankar0123 2026-04-30 23:12:08 +00:00
  • a1fae33f40 fix(deploy/test): f5-mock-icontrol host-port collision (20443 → 20449) shankar0123 2026-04-30 23:05:25 +00:00
  • bba425393b fix(deploy/test/libest): switch base bookworm-slim → bullseye-slim shankar0123 2026-04-30 22:53:32 +00:00
  • ffcd5e809a chore(fmt): catch vendor_e2e files missed by Phase 1 sweep filter shankar0123 2026-04-30 22:42:47 +00:00
  • 31ce64653d fix(deploy/test/libest): pin LIBEST_REF to upstream tag r3.2.0 shankar0123 2026-04-30 22:38:27 +00:00
  • 7b8cadcd02 refactor(scripts): move CI helpers out of scripts/ci-guards/ shankar0123 2026-04-30 22:37:12 +00:00
  • 7cb453a336 chore(fmt): repo-wide gofmt -w sweep — close drift surfaced by ci-pipeline-cleanup Phase 4 shankar0123 2026-04-30 22:33:57 +00:00
  • e2298c8222 release: ci-pipeline-cleanup complete (v2.X.0) shankar0123 2026-04-30 21:00:49 +00:00
  • 30970ab8a1 ci-pipeline-cleanup Phase 12: docs/ci-pipeline.md + bundle artefacts shankar0123 2026-04-30 20:59:22 +00:00
  • 59ba163c95 ci-pipeline-cleanup Phase 11: make verify-docs + verify-deploy targets shankar0123 2026-04-30 20:53:43 +00:00
  • f20c0961aa ci-pipeline-cleanup Phase 10: coverage PR-comment action shankar0123 2026-04-30 20:51:48 +00:00
  • b7a3162028 ci-pipeline-cleanup Phases 7-9: image-and-supply-chain job shankar0123 2026-04-30 20:50:52 +00:00
  • b9a63a2521 ci-pipeline-cleanup Phase 6 follow-up: IIS operator playbook + matrix doc shankar0123 2026-04-30 20:47:49 +00:00
  • 0157510d48 ci-pipeline-cleanup Phase 5+6: collapse vendor matrix; delete Windows matrix shankar0123 2026-04-30 20:46:05 +00:00
  • 0f205a8cfd ci-pipeline-cleanup Phase 4: gofmt parity + go mod tidy drift shankar0123 2026-04-30 20:42:45 +00:00
  • 7a79537f35 ci-pipeline-cleanup Phase 3: staticcheck hard-fail (SA1019 sites verified closed) shankar0123 2026-04-30 20:41:34 +00:00
  • 86d92efd2b ci-pipeline-cleanup Phase 2: coverage thresholds → YAML manifest shankar0123 2026-04-30 20:39:30 +00:00
  • 1caedd5fd3 ci-pipeline-cleanup Phase 1: extract 20 regression guards to scripts/ci-guards/ shankar0123 2026-04-30 20:36:26 +00:00
  • f6fa898b9a ci-pipeline-cleanup Phase 0: baseline + frozen decisions + Bundle II revisions shankar0123 2026-04-30 20:24:12 +00:00
  • c48a82c4c8 fix(ci): real digests + matrix→service mapping for deploy-vendor-e2e shankar0123 2026-04-30 18:46:02 +00:00
  • 39497fec1b release: deploy-hardening II complete (v2.X.0) shankar0123 2026-04-30 16:22:00 +00:00
  • a2746c82a6 ci: per-vendor e2e matrix job; vendor failures surface independently shankar0123 2026-04-30 16:18:47 +00:00
  • 0834bc1ad5 docs: deployment vendor matrix + per-connector deep-dive docs (NGINX + K8s + IIS + Apache + F5) shankar0123 2026-04-30 16:16:48 +00:00
  • 526c4136e6 test(deploy): vendor-edge e2e harness — Phases 2-13 (NGINX, Apache, HAProxy, Traefik, Caddy, Envoy, Postfix, Dovecot, IIS, F5, SSH, WinCert, JKS, K8s) shankar0123 2026-04-30 16:12:16 +00:00
  • 889c1a5a9e feat(test): docker-compose deploy-e2e sidecar matrix — apache + haproxy + traefik + caddy + envoy + postfix + dovecot + openssh + f5-mock-icontrol + k8s-kind + windows-iis shankar0123 2026-04-30 16:05:44 +00:00
  • 77abb7096c fix(config): wire CERTCTL_DEPLOY_BACKUP_RETENTION + CERTCTL_K8S_DEPLOY_KUBELET_SYNC_TIMEOUT to satisfy G-3 docs-drift guard shankar0123 2026-04-30 15:56:41 +00:00
  • ffef2db00f release: deploy-hardening I complete (v2.X.0) shankar0123 2026-04-30 15:37:08 +00:00
  • 8637131f80 chore: gofmt fixes across deploy-hardening I new files shankar0123 2026-04-30 15:33:33 +00:00
  • b95a548f65 docs: deploy-hardening I — atomic deploy + post-verify operator guide + connectors / README updates shankar0123 2026-04-30 15:30:45 +00:00
  • ad13ef3e4c test(deploy): cross-phase end-to-end atomicity + post-verify + idempotency + concurrency invariants shankar0123 2026-04-30 15:27:11 +00:00
  • 135b271197 feat(metrics): per-target-type deploy counters wired into /metrics/prometheus shankar0123 2026-04-30 15:25:38 +00:00
  • 9f41b58b2f feat(ssh,wincertstore,javakeystore,k8ssecret): explicit ValidateOnly + leverage existing connectors shankar0123 2026-04-30 15:22:17 +00:00
  • 36d79cd1ff feat(f5,iis): explicit ValidateOnly + leverage existing transactional rollback shankar0123 2026-04-30 15:16:11 +00:00
  • a7cce9afdd feat(traefik,caddy,envoy,postfix): atomic deploy + post-deploy TLS verify + rollback + ValidateOnly shankar0123 2026-04-30 15:12:11 +00:00
  • 919a92bf1b feat(haproxy): atomic deploy + post-deploy TLS verify + rollback + ValidateOnly + test-depth uplift to 36 tests shankar0123 2026-04-30 15:01:23 +00:00
  • 12e5f97f59 feat(apache): atomic deploy + post-deploy TLS verify + rollback + ValidateOnly + test-depth uplift to 34 tests shankar0123 2026-04-30 14:56:23 +00:00
  • 7444df01e2 feat(nginx): atomic deploy + post-deploy TLS verify + rollback + ValidateOnly + ownership preservation shankar0123 2026-04-30 14:50:56 +00:00
  • 49f1a60762 feat(target): ValidateOnly dry-run method on Connector interface (default returns ErrValidateOnlyNotSupported) shankar0123 2026-04-30 14:40:51 +00:00
  • 30b251ea13 feat(agent): per-target deploy mutex serializes concurrent deploys to the same target shankar0123 2026-04-30 14:32:40 +00:00
  • f5c67a51b2 feat(deploy): atomic write + validate + rollback primitive shared across all target connectors shankar0123 2026-04-30 14:29:19 +00:00
  • 9e6c57673e test(service): coverage uplift for production hardening II + adjacent helpers (R-CI-extended floor) shankar0123 2026-04-30 06:22:06 +00:00
  • db4a9b7e69 docs(README): expand Standards & Revocation table with production hardening II surfaces shankar0123 2026-04-30 06:00:41 +00:00
  • 13b29ca1bd fix(cert-export): satisfy staticcheck ST1022 on PKCS12CipherModernAES256 shankar0123 2026-04-30 05:22:10 +00:00
  • faf580aa10 docs: production hardening II — DR runbook + crl-ocsp updates + features.md env vars (Phase 10) shankar0123 2026-04-30 05:19:56 +00:00
  • 2d83342bbe feat(metrics): extend /metrics/prometheus with per-area OCSP counters (Phase 8) shankar0123 2026-04-30 05:15:05 +00:00
  • 8cba794723 feat(cert-export): typed audit-action constants + has_private_key + cipher detail (Phase 7) shankar0123 2026-04-30 05:13:15 +00:00
  • 47e37d6f68 feat(local-issuer): RFC 5280 §4.2.1.13 CRLDistributionPoints auto-injection (Phase 6) shankar0123 2026-04-30 05:11:38 +00:00
  • db854ecc6f feat(crl): HTTP caching headers (ETag + If-None-Match 304) per RFC 7232 (Phase 4) shankar0123 2026-04-30 05:09:28 +00:00
  • ed19312df6 feat(ratelimit): per-endpoint rate limit on OCSP + cert-export (Phase 3) shankar0123 2026-04-30 05:08:04 +00:00
  • 40fd96a416 feat(ocsp): pre-signed response cache + invalidate-on-revoke (Phase 2) shankar0123 2026-04-30 05:03:01 +00:00
  • 3d15a3e5af feat(ocsp): RFC 6960 §4.4.1 nonce extension support — echo client nonce in response, reject malformed shankar0123 2026-04-30 04:55:06 +00:00
  • c98d83f596 fix(README): drop hardcoded source-counts from EST row to satisfy S-1 guard shankar0123 2026-04-30 03:12:25 +00:00
  • 6622883989 docs(est): EST RFC 7030 operator guide + WiFi/802.1X recipe + IoT bootstrap recipe + FreeRADIUS integration + architecture + README shankar0123 2026-04-30 02:20:30 +00:00
  • e9011caac8 fix(deploy/libest): pin debian:bookworm-slim FROM lines to digest (H-001) shankar0123 2026-04-30 02:03:07 +00:00
  • 5834e5b866 fix(est): plumb context through ESTService.ReloadTrust to satisfy contextcheck shankar0123 2026-04-30 01:59:04 +00:00
  • 5a682db8e2 EST RFC 7030 hardening master bundle Phases 10-11: libest sidecar e2e + Cisco IOS quirk fixtures + ManagedCertificate.Source provenance + EST bulk-revoke endpoint + 13 typed audit action codes. shankar0123 2026-04-30 00:52:43 +00:00
  • 36885da2da EST RFC 7030 hardening master bundle Phases 8-9: GUI ESTAdminPage (Profiles + Recent Activity + Trust Bundle tabs) + CLI subcommand family certctl-cli est {cacerts,csrattrs,enroll,reenroll,serverkeygen,test} + 6 MCP tools. shankar0123 2026-04-30 00:20:54 +00:00
  • 43075a1b5c EST RFC 7030 hardening master bundle Phases 5-7: end-to-end serverkeygen + profile-driven csrattrs + admin observability with per-status counters + reload-trust endpoint. shankar0123 2026-04-29 23:57:45 +00:00
  • aa139ee0d9 EST RFC 7030 hardening master bundle Phases 2-4: end-to-end mTLS sibling route + RFC 9266 channel binding + HTTP Basic enrollment-password + per-source-IP failed-auth limit + per-(CN, sourceIP) sliding-window cap. shankar0123 2026-04-29 23:15:35 +00:00
  • 8cc1153bd9 fix(docs/est): drop CERTCTL_EST_* wildcard prose to satisfy G-3 docs-drift guard shankar0123 2026-04-29 22:32:19 +00:00
  • 827b9cb6c8 docs(est): document CERTCTL_EST_PROFILES + per-profile env-var family (G-3 fix) shankar0123 2026-04-29 22:28:48 +00:00
  • a808948397 feat(est): per-profile dispatch — multi-profile env-var family + back-compat shim shankar0123 2026-04-29 22:17:52 +00:00
  • 530593507b fix(scep-intune): close 11 audit gaps from 2026-04-29 pre-tag review v2.0.66 shankar0123 2026-04-29 20:28:53 +00:00
  • 84fac19f98 fix(scep-probe): satisfy staticcheck QF1008 in describeCertAlgorithm shankar0123 2026-04-29 19:00:05 +00:00
  • 506cff137d feat(scep): SCEP probe in network scanner for fleet-readiness assessment shankar0123 2026-04-29 18:51:57 +00:00
  • 0be889ff1d refactor(scep-gui): rebrand SCEP admin surface to per-profile tabbed interface (Profiles + Intune + Recent Activity) shankar0123 2026-04-29 17:46:42 +00:00
  • 5d080c86fd docs(scep-intune): deployment guide + troubleshooting + Microsoft support statement shankar0123 2026-04-29 17:03:56 +00:00
  • e0d00717c7 feat(scep-intune): golden-file tests + e2e harness against fixture trust anchor shankar0123 2026-04-29 16:55:52 +00:00
  • 28e277a88e fix(scep-intune): use useTrackedMutation for trust-anchor reload (M-009) v2.0.65 shankar0123 2026-04-29 16:35:40 +00:00
  • 77e0281a0e feat(scep-intune): GUI monitoring tab + admin endpoints shankar0123 2026-04-29 16:14:07 +00:00
  • 7612da783a feat(scep-intune): per-profile dispatcher + SIGHUP reload + per-device rate limit + compliance hook seam shankar0123 2026-04-29 15:34:19 +00:00
  • 7e4d423561 feat(scep-intune): parser + validator for Microsoft Intune Connector challenge format shankar0123 2026-04-29 14:38:35 +00:00
  • a12a437664 feat(scep): mTLS sibling route /scep-mtls/<pathID> (opt-in) v2.0.64 shankar0123 2026-04-29 13:58:18 +00:00
  • b857bdc560 docs(scep): close G-3 docs-only drift in legacy-est-scep.md shankar0123 2026-04-29 13:41:08 +00:00
  • 01f6eb9d09 feat(scep): plumb CertificateProfile.MustStaple end-to-end through service layer shankar0123 2026-04-29 13:36:30 +00:00
  • 23603f5174 docs(scep): RFC 8894 hardening — README + architecture + connectors shankar0123 2026-04-29 13:21:50 +00:00
  • b33b843908 feat(scep): RenewalReq + GetCertInitial + ChromeOS E2E + caps + must-staple shankar0123 2026-04-29 13:16:09 +00:00
  • 7b40361bc4 lint(scep): fix CI lint failures in Phase 3 commit (b540d44) shankar0123 2026-04-29 12:50:46 +00:00
  • b540d4421e feat(scep): CertRep PKIMessage response builder (RFC 8894 §3.3.2) shankar0123 2026-04-29 12:46:30 +00:00
  • a546a1bbef feat(scep): EnvelopedData decrypt + signerInfo POPO verify (RFC 8894 §3.2) shankar0123 2026-04-29 12:36:27 +00:00