xipki

XiPKI: Compact open source PKI (CA, OCSP responder, certificate protocols ACME, CMP, EST).

APACHE-2.0 License

Stars
501
View Code on GitHub
Ecosystems: Java

Bot releases are hidden (Show)

xipki - v5.3.5

Published by xipki almost 5 years ago

  • CA

    • Upgrade bcprov-jdk15on and bcpkix-jdk15on to 1.64
    • Fixed bug #128 "CA cannot start with NULL CMP_CONTROL"
    • Downgrade liquibase from 3.8.0 to 3.6.3 to support MariaDB 10.3+
    • Securities accepts explicit P11ModuleFactories

  • OCSP

    • Upgrade bcprov-jdk15on and bcpkix-jdk15on to 1.64
    • Downgrade liquibase from 3.8.0 to 3.6.3 to support MariaDB 10.3+
    • Securities accepts explicit P11ModuleFactories

  • CLI

    • Optimized the display of benchmark with number over 1,000,000,000
    • Securities accepts explicit P11ModuleFactories

  • SHA256 Checksum

    • 73f95cdc427e2156952b5a8dad2547adbf17a14993ce7d7a8f2984ed884d85e9 ca-war-5.3.5.zip
    • 6a67862320daf83cad78b005f1cf293055537c1f756d20d938680566330cfab0 ocsp-war-5.3.5.zip
    • 6701f114b264f992bcaa47c3e77a8940215643dc6105fe52381d2b08f4ab2e09 p11proxy-war-5.3.5.zip
    • 210d087b68b4810be3a07056af982f66bcab5441d38cdfa07594fb4803e851e2 xipki-cli-5.3.5.tar.gz
xipki - v5.3.4

Published by xipki about 5 years ago

  • OCSP
    • Fixed bug "OCSP server cannot answer anymore" (this bug is introduced in 5.3.3)
  • SHA256 Checksum
    • a2a4dd4bd79ac94a11e52900cf34cc1cb22c3c26515e22c74d9da8a0dd98473c ca-war-5.3.4.zip
    • b5ea94862d1f410598d480b1588affad11ae9b0726689ca02ac08f21748e17bd ocsp-war-5.3.4.zip
    • 801d70c66438937196f5386163af461f6e9f900d14a851bfbc949416e992f422 p11proxy-war-5.3.4.zip
    • 87b94e57f87b45840b54ea421d0ae83dd525ffaa541e73de14e5e675aa75b275 xipki-cli-5.3.4.tar.gz
xipki - v5.3.3

Published by xipki about 5 years ago

  • CA
    • Add feature to log the the HTTP requests and responses
    • Remove the extension authorityInfoAccess from the mandatory list
  • OCSP
    • Add feature to log the the HTTP requests and responses
    • Add option to configure how to handle expired CRLs:
      • Default or ignoreExpiredCrls=false: consider the last imported CRLs as valid.
      • ignoreExpiredCrls=true: return OCSP response tryLater.
  • SHA256 Checksum
    • e172f91b5c2e0f6da9d93449cbf79c59b5557147df0afbaf039d8f98f658dca3 ca-war-5.3.2.zip
    • c7f8fb961c7118b9c569156262de5db01ee8d54a23e750870a48575113eb4b8d ocsp-war-5.3.2.zip
    • 84617690f2b434030e38124aa7224f02e23245e522a7926b02393d5968cdfa51 p11proxy-war-5.3.2.zip
    • 5a48511ea1740010ab954a15c3174f3e20df99f400f0b5a06dba2d52e87e9cd6 xipki-cli-5.3.2.tar.gz
xipki - v5.3.2

Published by xipki over 5 years ago

  • CA
    • Use EXPLICIT tag for the GMT 0015 IdentityCode
    • Reduce the table size to make it loadable if the database has charset utf8mb4 in MySQL/MariaDB.
  • OCSP
    • Added configuration of OCSP responder for the store types xipki-db, ejbca and crl.
  • ALL
    • Remove the leading zero of DSA's P, Q and G in CK_DSA_PARAMS.
    • EC: use Object Identifer of a curve instead name if possible
    • EdDSA: use curveId instead of curveName in PKCS#11 keypair generation.
  • SHA256 Checksum
    • 9e54ef61f8f9f62c80944a5a8b6c49953d32249494ce0d53bcf12a2c9f8d5c21 ca-war-5.3.2.zip
    • 77fbf4ac95a194c56425d2eca89e920d82083d38ccd1c9734872abd94f141919 ocsp-war-5.3.2.zip
    • d3f0b0262f0ffde331fb8df849bc5355bb352f655fd35d23b1d23f151398953e p11proxy-war-5.3.2.zip
    • 8967bd70534d2c47abbe371dc6a149bb6575f400256bded7e8235abf35411924 xipki-cli-5.3.2.tar.gz
xipki - v5.3.1

Published by xipki over 5 years ago

  • CA
    • Replace the logging backend logback by log4j2.
    • Reintroduced the support of databases H2 and HSQLDB.
  • OCSP
    • Use stream parser to parse the CRL to get small memory usage even for very large CRLs.
    • Extend the OCSP store type "crl" to support multiple CRLs, even for the same CA.
    • Replace the logging backend logback by log4j2.
    • Reintroduced the support of databases H2 and HSQLDB.
  • SHA256 Checksum
    • db9463d8d332a2f89de3fd40781073ea1be06fbb2bb0c2081911681405fc0413 ca-war-5.3.1.zip
    • d1fed18822a97997d1c7ab068bae5eb6214d1914190349c7d475a6c55de8c7f4 ocsp-war-5.3.1.zip
    • 5909a306958b4193fb540475e1bd909508c8c81b037d3195eb19ef4fd59b114e p11proxy-war-5.3.1.zip
    • c9bcc664b63e2c25646be07eae6fcff6bc346c5bad169d70b1a9711b898605fa xipki-cli-5.3.1.tar.gz
xipki - v5.3.0

Published by xipki over 5 years ago

  • CA
    • Add support of RFC8410 (Edwards and Montgomery Curves).
    • Add REST API to enroll certificate whose keypair is generated by the CA
  • OCSP
    • Add support of Ed25519 and Ed448 as signature algorithm.
  • CLI
    • Add support to generate keypair, generate CSR, and enrol certificates of edwards and montgomery curves.
  • SHA256 Checksum
    • 0ca76e74f860c27567f9c0fa9f2f0650d021dc85b88c3620873601ad90009377 ca-war-5.3.0.zip
    • 5952220f7b2ab10d201c35dfcbcc1da3c3b4897a7eb9d3cb4f2a8b5470e9bde6 ocsp-war-5.3.0.zip
    • 0afe8b0b157d75e86476c65550f4829bf8117fdd59a2775298907c7fffb042da p11proxy-war-5.3.0.zip
    • 857b497d2e6c38d01e257a7cb172530350c26242a6abad325ba8a666ac6854d1 xipki-cli-5.3.0.tar.gz
xipki - v5.2.0

Published by xipki over 5 years ago

  • CA
    • New feature to configure fixed value of subject RDN in the certificate profile
    • Make sure that the certificate serial number is randomly generated with at least 70 bit entropy and not weak by checking the NAF weight.
    • In the extension CertificatePolicies, the OID for User Notice is not correct. This has been fixed.
    • Add the management of the certificate of parenet CAs for given CA
    • Extension AuthorityKeyIdentifier embeds both KeyIdentifier and (authorityCertIssuer, authorityCertSerialNumber) in case of incorrect configuration. However exactly one of them is allowed. This has been fixed.
    • Add the native support of jurisdictionOfIncorporationCountryName, jurisdictionOfIncorporationLocalityName and jurisdictionOfIncorporationStateOrProvinceName
    • Add the native support of extensions IdentityCode, InsuranceNumber, ICRegistrationNumber, OrganizationCode and TaxationNumber defined in the chinese standard GM/T 0015
    • Add support of specification of extension admission in subject
    • Add CA/Browser certificate profiles.
    • Add support of Certificate Transparency (RFC 6962)
    • Increase the max. size of a certificate from 3000 to 4500 bytes.
  • OCSP
    • Add the configuration of OCSP response behaviour for unknown certificate
    • The OCSP cacher exhausts the database connections. This has been fixed.
  • CLI
    • Extend the command csr-p11 and csr-p12 to generate CSR with complex subject and extensions
    • Simplify and extend the configuration of custom extension
  • SHA256 Checksum

    • b520c038deb2e29c7b2571523081331a709bd2fd1dd8da9af8a3b7dba58fa4a8 ca-war-5.2.0.zip

    • 60570275085f1d5b6b616bac26387f6d19665d289c7a2529e2655f4cca2c1dcb ocsp-war-5.2.0.zip

    • cdde370abe5b1909bab83002f77824fcd7b127fe55476f07ad503f9686a551e7 p11proxy-war-5.2.0.zip

    • fb13fdf5681f1daab3fb20294fa0b5df0856d2826da294718a8b29dd66cc2fce xipki-cli-5.2.0.tar.gz

xipki - v5.1.0

Published by xipki over 5 years ago

  • Fixed Bugs
    • If ca.war and ocsp.war are both in one tomcat instance, and one war cannot be started, the other too.
  • Enhancements
    • Relax the limitation of OCSP response in HTTP GET
    • New feature to add NextUpdate to OCSP Response, even if no NextUpdate is available. This is configurable.
    • Optimize the mechanism to generate CRL
    • Add example modules to demonstrate how to extend XiPKI OCSP server to use customized certificate status source.
    • Better mechanism to handle emailAddress in Subject / SubjectAltName
    • Add support of OCSP certificate status source published by EJBCA
    • Simplify the specification of customized extension in certificate profile.
    • Add support of certificate status source based on the database of XiPKI CA.
  • SHA256 Checksum
    • fd585f05ce1e8da62842447c47fe28c5c350a6e0757f8828cc824c4e11831318 ca-war-5.1.0.zip
    • 90e39c80dd8d25f188687ce5ad082c06b5f9aba593ebebbc65b2f8323ed64bab ocsp-war-5.1.0.zip
    • b97a4b7f5cf7f12a83ad9b6a663a4d40442f3ea09cc39d33372790f6fdb4f2c9 p11proxy-war-5.1.0.zip
    • 876a21a69577606afad5d0f911ea5a24d700f3de6972adcc88a460ac3f2edbe8 xipki-cli-5.1.0.tar.gz
xipki -

Published by xipki over 5 years ago

  • Fixed Bugs
    • Validity other than {num}'y' will not be handled correctly. This has been fixed.
    • The flag 'crlUpdateInProcess' is not set correctly. This has been fixed.
    • OCSP-server DbCertStatusStore logic to detect issuer changes is wrong. This has been fixed.
  • Enhancements
    • Increase the iteration count of PBKDF2 from 1000 to 10,000.
  • SHA256 Checksum
    • 4d579056d94b14ee8650f25d5d2c5a8014c23a1898ba7c01b2600cb021c40ddf ca-war-5.0.1.zip
    • aae8eeac7eaaa8433f2a6ae5ca4d0ecd30e113eaf7053866897768affc6bb528 ocsp-war-5.0.1.zip
    • 1d6c28264c328fbd61b49eba8cabc2de76a7a5db5bb019d928f8e4f11e8ac866 p11proxy-war-5.0.1.zip
    • 0586409b0731af674c7f25bb04fadc9597fe8c2ff6863496daa830f43591420f xipki-cli-5.0.1.tar.gz
xipki -

Published by xipki almost 6 years ago

  • Optimized the file operations
  • Merged modules
  • Change the distributions
    • CA: from stand-alone karaf based appication to WAR package.
    • OCSP: from stand-alone karaf based appication to WAR package.
    • SDK: replaced by xipki-cli
    • CLI: Command Line Interface. Introduced in version 5.0.0.
  • Merged classes
  • Change the specification format of certificate profile from XML to JSON
  • Change the configuration format of CA, OCSP, PKCS#11 module, CMP client from XML to JSON
  • Add the remote management of CA via REST API
  • Add the remote management of OCSP via REST API
xipki -

Published by xipki about 6 years ago

  • Checksum
    • d68f0da2c96500245f58ce64231878e2610248ea88c486065272a6601878fed0 xipki-toolkit-4.0.0.tar.gz
    • cd3ad5d6a60084f0b43e99817f4920e5123cfc64ef591b8b526ba37db1c1ae13 xipki-pki-4.0.0.tar.gz
    • 87c84bad4776100b9b0524254f0cc3f5f97d780d178f327235a0eec61e453fd0 xipki-sdk-4.0.0.tar.gz
xipki -

Published by xipki almost 7 years ago

  • Change the license to Apache License
  • SHA256 fingerprint
    • 4463cb5b0096eba8821db53b2dd9094e0659d5003448cc009dbc25ecc8fa989d xipki-pki-3.0.0.tar.gz
xipki -

Published by xipki almost 8 years ago

Fixed Bugs

  • Setting status to inactive does not preventing from starting CA #24
  • A faulty CA prevents from the use of other CAs #25
  • Commands xipki-ocsp:status and xipki-qa:ocsp-status cannot verify OCSP response with Plain-ECDSA signature #39
  • Signature creation with algorithm plain-ECDSA not always correct #40
  • Cannot disable audit in OCSP responder. #43

Enhancements

  • Add support to save the request in CA database #14
  • Extend the karaf shell to allow the specification of notBefore and notAfter of the certificate to be requested #15
  • Better handle of notBefore and notAfter of the certificate to be generated #16
  • Return unknown status if current time is after the notAfter of the target certificate #17
  • Update apache karaf from 4.0.5 to 4.0.7 #18
  • Add option to configure the whole CA system from XML or zip configuration file #19
  • Use word csr instead p10 #20
  • Clean up the name of static methods of Enum #21
  • Add support of database cluster #22
  • Add karaf shell to export CA configuration #23
  • Added support to retrieve client certificate forwarded by reverse proxy #26
  • Add support to communicate with CA via REST #27
  • Add support of X.509 attribute certificate to command xipki-ocsp:status #28
  • Add support to save attributes of subject in extension SubjectAltNames #29
  • Add option to configure the permitted POPO signature algorithms #30
  • Add option to control whether certificates will be returned only if CA can generate certificate for all single certificate requests in one request #31
  • Add option to read certificate serial numbers from file to command xipki-ocsp:loadtest-status #32
  • Add option to specify the duration together with unit "" to load test #33
  • Add option to specify the maximal number of single tests to load test. #34
  • Add option to specify certificate serial numbers in range to command xipki-ocsp:loadtest-status #35
  • Update the versions of JDBC drivers #36
  • Use hsqldb instead h2 due as default database due to performance problem in case of exporting database #37
  • Add option to read certificate serial numbers from file to command xipki-cli:loadtest-revoke #38
  • Add SHA3 support #41
  • Clean up audit #42
  • Extend the OCSP responder to configure whether the expired/not-yet-valid certificates are ignored #44
  • Add shell command to list certificates #45
  • Add support to republish the certificates with multi-threads #46
xipki -

Published by xipki over 8 years ago

Bugs

  • fixed invalid regex for dateOfBirth in subject #11

Enhancements

  • add support of qCStatement PdsLocations #2
  • add support of non-UTF8String in field other.value in extension SubjectAltNames #3
  • Sort the subect RDN as suggested by Annex B of ITU-T X.521 #4
  • add full native support of certificate extension admission #5
  • add support of enrolling certificates up to 3000 bytes #6
  • add support to use the choice ResponderID.byKey in OCSP response #7
  • select the OCSP responder certificate according to the ResponderID in OCSP response #8
  • allow certificate profile to specify customized order of RDNs in certificate subject #9
  • add support of extension SubjectDirectoryAttributes as defined in RFC 3739 #10
  • add example to generate complex certificates that can be parsed by openssl #12
xipki -

Published by xipki over 8 years ago

Please update to version 2.0.1

xipki -

Published by xipki over 9 years ago

Package Rankings
Top 11.71% on Repo1.maven.org
Badges
Extracted from project README
GitHub release License Github forks Github stars
Related Projects
directory-ldap-api

Apache Directory LDAP API

18 Aug 2017 33
directory-server

Apache Directory Server

21 May 2009 150