- Certificate revocation with the `/revoke*` paths now supports revocation of certificates not in local Engine storage if a certificate is provided. Revoked certificates are stored in the revoked storage regardless of the initial role configuration used to issue the certificate.
- Create `revoke-with-key` path to revoke certificate only if user proves they have the private key
- Implement the following role restrictions for `issue` and `sign` paths:
  - `allow_localhost`
  - `allowed_domains`
  - `allow_bare_domains`
  - `allow_subdomains`
  - `allow_glob_domains`
  - `allow_wildcard_certificates`
- Mark the following paths to not require authentication to match in-tree PKI engine:
  - `cert/*`
  - `ca/pem`
  - `ca_chain`
  - `ca`
  - `issuer/+/pem`
  - `issuer/+/der`
  - `issuer/+/json`
  - `issuers/`
- Implement `ca_cert` field in config path for communication with EJBCA API that doesn't serve publicly trusted certificate
- Upgrade `ejbca-go-client-sdk` to `v0.1.5` that supports communication with non-publicly trusted servers
- Implement logging
- Update documentation
- Refactor `read` verb for `/config` path to redact private key in response
- First public release of EJBCA Vault PKI Engine