Skip to content

Releases: micromdm/scep

v2.2.0

01 Dec 06:55
@jessepeterson jessepeterson
v2.2.0
988fe4e
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v2.2.0 Latest
Latest

Thanks to our contributors for this release: @marcinjahn, @klubi, @korylprince, @mceIdo, @9072997, @bkstein, @macmule, @venkyg-sec, and @jbpin!

New

  • ARM Makefile binary targets for Apple and Linux: #176, #186
  • Bind address configurable: #182
  • Server key usages support: #189
  • CN in CA cert: #196
  • DNS name flag: #202
  • PKCS8 key and non-encrypted CA: #198

Fixed

  • Fix signer grace from 600ns to 10 minutes: #193
  • BoltDB Depot serial number changes for data races: #185, #190

Other

Contributors

jbpin, korylprince, and 7 other contributors
Assets 12
Loading

v2.1.0

15 Aug 19:39
@jessepeterson jessepeterson
v2.1.0
415371e
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v2.1.0

Changes:

  • FingerprintCertsSelector is now hash-independent (#168)
  • Refactor CA certificate generation (#170)
  • Mark depot volume in Dockerfile (75c6aca)
  • Update pkcs7 dependency (#174). Finally we don't have to use a fork of the library!
Assets 8
Loading

v2.0.0

25 Mar 20:44
@jessepeterson jessepeterson
v2.0.0
d836799
Compare
Choose a tag to compare
v2.0.0

Three years in the making! micromdm/scep v2.0.0 release.

So much has changed. As just one example we've gone through three different Go dependency systems (Glide, dep, and finally Go modules) since the last release. So I'll try and highlight just some of bigger changes since then. Not all of this is particularly new — indeed some projects have been using newer commit hashes than the last v1.0.0 tag. At any rate:

Feature/functionality related

  • Full GET & POST support for PKIOperation (#43, #114)
  • New CA fingerprint flag for selecting amongst multiple CAs (i.e. for NDES) (#43)
    • scepclient fingerprint expects SHA-256 hashes now (formerly MD5) (#160)
  • Support signing and re-signing CSRs (to support embedding the challenge attribute) (#45)
  • New dynamic one-time challenge password support (#50)
  • Complete bolt Depot implementataion (HasCN) (e6079f0, #30)
  • SCEPStandard capability (#51)
  • New CSR verifier flag to scepserver that shells-out: -csrverifierexec (#68)
  • CA certificate is now generated with CRL signing key usage (#69)
  • New switch to specify OU for CA cert in scepserver (#82)
  • Set a default CN for new CA certs (#89)
  • Copy attributes from CSR SANs to new cert template (#107, #121)
  • Accept ECDSA keys in SCEP core module (#109)
  • New scepserver Pluggable CSR signing framework (#113)
  • Populate the server's CertRep with CA certificates before verifying (#131)
  • New CertsSelector interface for selecting which certificates a CA returns (#147)
  • Remove SHA-1 (and MD5, etc.) support for signing (and re-signing) CSRs for challenges in (#144)
  • Send Content-type: application/octet-stream header with PKIOperation (#146)
  • Support Message parameter for GetCACert (#152)
  • scepclient can now print CA certificates (and hashes) with debug output (#157)

Other changes

  • Module is now named github.com/micromdm/scep/v2. Update your import paths!
  • Various logging & error handling improvements
  • Various bug fixes
  • Makefile and build changes (#151)
  • Various iterations of Dockerfile changes (#33, #74, #83, c892534)
  • Glide->dep->go modules
  • Various PKCS7 library dependency changes ending up (currently) with a fork of Mozilla's fork of Fullsailor's PKCS7 library. (#38, #116, #128)
Assets 8
Loading

bug fixes and deps update

21 Mar 20:33
@groob groob
v1.0.0
a202afd
Compare
Choose a tag to compare
bug fixes and deps update 
v1.0.0

update server to go-kit 0.4.0
Assets 3
Loading

chain vs single ca cert

09 Jun 03:01
@groob groob
0.3.0.0
341fa33
Compare
Choose a tag to compare
chain vs single ca cert Pre-release
Pre-release

updated client and server to support chain and leaf cert responses.

# create a new CA
scepserver ca -init
# start server
scepserver -depot depot -port 2016 -challenge=secret

# in a separate terminal window, run a client
# note, if the client.key doesn't exist, the client will create a new rsa private key. Must be in PEM format.
scepclient -private-key client.key -server-url=http://scep.groob.io:2016 -challenge=secret
Assets 6
Loading

client and server

07 Jun 19:56
@groob groob
0.2.0.0
b6b416d
Compare
Choose a tag to compare
client and server Pre-release
Pre-release 
# create a new CA
scepserver ca -init
# start server
scepserver -depot depot -port 2016 -challenge=secret

# in a separate terminal window, run a client
# note, if the client.key doesn't exist, the client will create a new rsa private key. Must be in PEM format.
scepclient -private-key client.key -server-url=http://scep.groob.io:2016 -challenge=secret
Assets 6
Loading

preview

02 Jun 17:43
@groob groob
0.1.0.0
38528d0
Compare
Choose a tag to compare
preview Pre-release
Pre-release

It's usable now, but not everything is complete.

Assets 4
Loading

it works!

29 May 21:03
@groob groob
v0-dev
0bffa6d
Compare
Choose a tag to compare
it works! Pre-release
Pre-release

a very basic version

# clone the repo
git clone https://github.com/micromdm/scep.git
# download scep binary and place it in the scep repo root
# change the binary permissions to make it executable.
chmod a+x ./scep
# run scep binary inside the repo folder.
cd scep
# starts scep server at localhost:9001
./scep
# install sceptest.mobileconfig profile
# the CA and the SCEP signed cert will be added to your OS X keychain
Assets 3
Loading