| | Commit message | Author | Age | Files |
---|---|---|---|---|
* | IPSec: replace (self-signed) X.509 certs by their raw pubkey for authentication. | Guilhem Moulin | 2016-05-24 | 1 |
| | | | | There is no need to bother with X.509 cruft here. | |||
* | genkeypair, gendhparam: use -rand /dev/urandom when generating keys or DH parameters. | Guilhem Moulin | 2016-05-22 | 1 |
* | typo | Guilhem Moulin | 2015-12-04 | 1 |
* | genkeypair: use install(1) for atomic file creation with permission mode. | Guilhem Moulin | 2015-10-28 | 1 |
* | genkeypair.sh: Merge privkey and pubkey for identical filekeys. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | Also, set ‘subjectKeyIdentifier = hash’ in the CSR. | |||
* | logjam mitigation. | Guilhem Moulin | 2015-06-07 | 1 |
* | Key usage 'keyCertSign' is required for self-signed certificates. | Guilhem Moulin | 2015-06-07 | 1 |
* | 'default_days' in openssl.cnf doesn't work, use -days instead. | Guilhem Moulin | 2015-06-07 | 1 |
* | Add ability to add custom OrganizationalUnits in genkeypair. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | Also, it's now possible to reuse an existing private key (with -f). | |||
* | Add ability to chmod, chown and set the key usage in genkeypair. | Guilhem Moulin | 2015-06-07 | 1 |
* | Install amavisd-new on the outgoing SMTP proxy. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | For DKIM signing and virus checking. | |||
* | Make genkeypair.sh able to display TXT record for DKIM signatures. | Guilhem Moulin | 2015-06-07 | 1 |
* | Add support for CSR and subjectAltName in genkeypair.sh. | Guilhem Moulin | 2015-06-07 | 1 |
* | Don't require a PKI for IPSec. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | Instead, generate a server certificate for each host (on the machine itself). Then fetch all these certs locally, and copy them over to each IPSec peer. That requires more certs to be stored on each machine (n vs 2), but it can be done automatically, and is easier to deploy. Note: When adding a new machine to the inventory, one needs to run the playbook on that machine (to generate the cert and fetch it locally) first, then on all other machines. | |||