Releases: smallstep/certificates
Step CA v0.18.3-rc4 (22-04-19)
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
-key https://raw.githubusercontent.com/smallstep/certificates/master/cosign.pub \
-signature ~/Downloads/step-ca_darwin_0.18.3-rc4_amd64.tar.gz.sig
~/Downloads/step-ca_darwin_0.18.3-rc4_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- d6ce35a [action] attempt to pin goreleaser version
Thanks!
Those were the changes on v0.18.3-rc4!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
Release v0.18.3-rc3
[action] goamd64 another attempt at fix
Release v0.18.3-rc2
[action] issue uploading to scoop - attempt setting goamd64
Release v0.18.3-rc1
Merge pull request #903 from smallstep/herman/changelogs-20220419 Update changelog for v0.19.0
Step CA v0.18.2 (22-03-01)
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
-key https://raw.githubusercontent.com/smallstep/certificates/master/cosign.pub \
-signature ~/Downloads/step-ca_darwin_0.18.2_amd64.tar.gz.sig
~/Downloads/step-ca_darwin_0.18.2_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- bf8155f Merge pull request #840 from smallstep/changelog/PR829
- b64d1e1 Add entry in changelog.
- 15b1049 Fix json tag for Azure.ObjectIDs.
- 6f46cdb Merge pull request #829 from vijayjt/new-azure-token-authz-options
- 18d99b9 Merge pull request #838 from smallstep/max/validate-provisioner-before-store
- 51210df changelog update
- a79d4af change return value of generateProvisionerConfig to value
- 6030f8b Validate provisioner configuration before storing in DB
- 7a32c31 Update linkedca dependency version
- b128e37 Add SubscriptionIDs and ObjectIDs to provisioner-linkedca conversion functions
- 4a10f2c Rename new fields as per feedback to remove AAD from the name
- dedd136 Merge pull request #831 from smallstep/max/psql
- 9d885e6 bump nosql for postgres support
- 8b68bed Add support for validation of certificate requests using Azure subscription and AAD object IDs. See #735
- c178863 Merge pull request #828 from smallstep/update-changelog
- 3a5312c Add support for
AuthorizationCrtin changelog. - 28af606 Merge pull request #827 from smallstep/x5c-template
- abe951d Fix name of the variable in comment.
- a0cf808 Make the X5C leaf certificate available to the templates.
- 1d09d14 Merge pull request #826 from smallstep/herman/changelogs-20220215
- af17b6a Make copyright year dynamic
- 0b33784 Update changelog
- 4ebf43c Merge pull request #820 from smallstep/herman/acme-api
- 5b713a5 Change CM link
- 5cb23c6 Merge pull request #804 from smallstep/herman/normalize-ipv6-dns-names
- d00729d Refactor ACME Admin API
- 588c72c Merge pull request #817 from Cpcrook/chore/#816-provisioner-decryption-error-messaging
- 11637b5 Add descriptive provisioner JWK decryption error messages
- 039d245 changelog update
- bfa2245 Merge branch 'master' into herman/normalize-ipv6-dns-names
- e887cca Ensure the CA TLS certificate represents IPv6 DNS names as IP in cert
- 1fe7362 Normalize IPv6 addresses in ACME linker
- 716b946 Normalize IPv6 hostname addresses
Thanks!
Those were the changes on v0.18.2!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
Step CA v0.18.1 (22-02-03)
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
-key https://raw.githubusercontent.com/smallstep/certificates/master/cosign.pub \
-signature ~/Downloads/step-ca_darwin_0.18.1_amd64.tar.gz.sig
~/Downloads/step-ca_darwin_0.18.1_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- 5f4ac5b Fix broken test due to linter fix
- 62690ab Fix linting errors and pin linter version in release action
Thanks!
Those were the changes on v0.18.1!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
Step CA v0.18.1-rc3 (22-02-03)
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
-key https://raw.githubusercontent.com/smallstep/certificates/master/cosign.pub \
-signature ~/Downloads/step-ca_darwin_0.18.1-rc3_amd64.tar.gz.sig
~/Downloads/step-ca_darwin_0.18.1-rc3_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- 5f4ac5b Fix broken test due to linter fix
- 62690ab Fix linting errors and pin linter version in release action
Thanks!
Those were the changes on v0.18.1-rc3!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
Step CA v0.18.1-rc1 (22-01-04)
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
-key https://raw.githubusercontent.com/smallstep/certificates/master/cosign.pub \
-signature ~/Downloads/step-ca_darwin_0.18.1-rc1_amd64.tar.gz.sig
~/Downloads/step-ca_darwin_0.18.1-rc1_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- 8fee970 Merge pull request #779 from smallstep/herman/acme-cli-user-agent
- 07addd0 Fix linting issue
- a68208a Set Step CLI User-Agent when performing ACME requests
- 8473164 Merge pull request #773 from smallstep/herman/ip-sans-improvements
- a5f2f00 Change name of IP Common Name test for clarity
- 80bebda Fix code style issue
- f7c1a32 Merge pull request #777 from smallstep/pkcs11-decrypter
- d5c6572 Fix typo.
- 5a32401 Implement the kms.Decrypter with PKCS#11
- ab44fbf Merge pull request #774 from smallstep/cm-roots
- 2c63abc fix grammar
- 7c4e6dc Remove duplicated code in bootstrap methods
- 64c19d4 Fix subject in test, use ip
- b0b2e77 Avoid doing unauthenticated requests on the SDK
- bc0875b Disallow email address and URLs in the CSR
- 13a31fd Merge branch 'master' into herman/ip-sans-improvements
- ca707cb Fix linting
- a5d3351 Fix test
- a2c9b5c Allow IP identifiers in subject, including authorization enforcement
- fbd3fd2 Merge pull request #625 from hslatman/hs/acme-revocation
- 00539d0 Add changelog entry for ACME revocation
- 3bc3957 Merge branch 'master' into hs/acme-revocation
- 0524122 Remove authorization flow for different Account private keys
- 53ebd85 Update star gif size
- c0255b7 Update star gif
- accb071 Star gif
- 94afec7 Merge pull request #758 from smallstep/errors-forbidden
- e0fee84 Add comment about public key validator.
- 0cebde3 Change fallback message on RekeySSH.
- 004fc05 Fix PR comments
- 9fd147f Change error message.
- 47a8a3c Add test case for ACME Revoke to Authority
- 06bb97c Add logic for Account authorizations and improve tests
- bae1d25 Improve tests for JWK vs. KID revoke auth flow
- a7fbbc4 Add tests for GetCertificateBySerial
- 4d01cf8 Increase test code coverage
- 2d357da Add tests for ACME revocation
- ed295ca Fix linting issue
- c9cd876 Merge branch 'master' into hs/acme-revocation
- 78acf35 Merge pull request #753 from scattered-network/docker-compose-go-mod-updates
- d35848f Fix unit tests.
- c3f98fd Change some bad requests to forbidded.
- cbb0f40 Revert "Update Go Modules: Fixes Docker Example"
- 3c5d1c9 Use smallstep/small-cli as base image, remove step cli build
- ff04873 Change the default error type to forbidden in Sign.
- b9beab0 Fix unit tests.
- 507a272 Return always http errors in sign options.
- d83ca96 Fixes #757
- a33709c Fix sign ssh options tests.
- 1da7ea6 Return always http errors in sign ssh options.
- 031d4d7 Return BadRequest when validating sign options.
- a067b3a Add a note about reload-or-try-restart in systemd
- bb26799 Modify errs.Wrap with forbidden errors.
- b5db3f5 Modify errs.ForbiddenErr to always return an error to the cli.
- 4f84cef Merge pull request #752 from smallstep/errors-bad-request
- d925bc6 Fix systemd renewer to use sh
- 11a1297 Update Go Modules: Fixes Docker Example
- 2d50c96 Merge branch 'master' into hs/acme-revocation
- aa3fdf8 Do not overwrite errors.
- b6ebd11 Update temporal solution for sending message to users
- 668d3ea Modify errs.Wrap() with bad request to send messages to users.
- 8c8db0d Modify errs.BadRequestErr() to always return an error to the client.
- 8ce807a Modify errs.BadRequest() calls to always send an error to the client.
- 8d229b9 update commented template names to match reality
- 9187805 Merge pull request #741 from gdbelvin/ssh
- febb619 Add some extra validation and print certificate objects
- bbb327c Make a csr if there's not a root
- 29f5a35 simplify flags
- 29f9730 Satisfy golangci-lint
- 42f56d6 Set golangci-lint version to v1.41.0 instead of latest
- 023c64c Merge branch 'master' into hs/acme-revocation
- c7a9c13 Add tests for extractOrLookupJWK middleware
- 3151255 Merge branch 'master' into hs/acme-revocation
- a4cfb66 Merge branch 'master' into hs/acme-revocation
- 258efca Improve revocation authorization
- 97165f1 Fix test mocking for CreateCertificate
- 2b15230 Add Serial to Cert ID ACME table and lookup
- 8f7e700 Merge branch 'master' into hs/acme-revocation
- 16fe07d Fix mockSignAuth
- 0e56932 Add support for revocation using JWK
- 84e7d46 Improve handling of ACME revocation
- d53bcaf Add base logic for ACME revoke-cert
Thanks!
Those were the changes on v0.18.1-rc1!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
Step CA v0.18.0 (21-11-17)
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
-key https://raw.githubusercontent.com/smallstep/certificates/master/cosign.pub \
-signature ~/Downloads/step-ca_darwin_0.18.0_amd64.tar.gz.sig
~/Downloads/step-ca_darwin_0.18.0_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
fca7de6 changelog update for 0.18.0
de2ce5c Merge pull request #692 from smallstep/max/context
440616c Merge pull request #750 from smallstep/duration-errors
acd0bac Remove extra and in comment.
1aadd63 Use always badRequest on duration errors.
df28436 [action] only run codecov for go 1.17
41fec15 Report duration errors directly to the cli.
7fac8c9 Merge branch 'master' into max/context
0a53af9 Merge pull request #742 from hslatman/hs/fix-golangci-lint-1.43.0
196f6b4 bump cli-utils to 0.7.0
b5bf79b bump nosql library
5554314 bump version ofcli-utils
922d239 Simplify conditional
a7d1449 SSH backwards compat updates
d37313b Use 0600 for profile defaults file.
507be61 Use a more distint map key to indicate template version
f426c15 backwards compatibility for version of cli older than v0.18.0
c80a64d ssh/step_config.tpl context flag in wrong spot
fcc1517 Rename templates and create profileConfig dir ahead of time.
43cba99 PR fixes
3e9830e Use profileDefaults in PKI
c8560b4 updated method name in cli-utils
9d4a7cf Update includes template to use STEPPATH as the replace var
74eea88 Replace Fragment template with Line
da74fa2 Rename FullSnippet to Fragment and remove unused replace in go.mod
b080b75 Template updates to support multiple SSH include snippets
d777fc2 Add ca.WithInsecure and use methods for file names
e5951fd Use methods in the step package
ed4b567 updates after rebase to keep up with master
7eeebca Enable step path contexts in identity and pki paths
10db335 mv pkg config -> step
741ac64 change name of package cli-utils/config to cli-utils/step
2c05f48 Remove support for Go 1.15
e7a988b Pin golangci-lint to v1.43.0 and fix issues
62a20c7 Upgrade cli-utils with latest version of promptui
24a6900 Merge pull request #613 from gdbelvin/extractable
91fb57e Add entry to changelog.
7ec1424 Fix help.
8366b7d Revert "Remove extractable from StoreCertificate."
614ee79 Remove extractable from StoreCertificate.
fa11e82 Add tests with extractable property.
886b9a1 Store the certificate passed.
aa80bf9 Merge branch 'smallstep_master' into extractable
6be383d Refactor pkcs#11 extractable certs and keys.
d68090e Merge pull request #729 from smallstep/funcmap
cb4a2a5 Use the same method to return the templating functions.
cf4944e Merge pull request #728 from smallstep/env
9958e06 Replace promptui with apache-compatible fork.
0f63d43 Remove sprig "env" and "expandenv" functions.
0927e0d Upgrade go.step.sm/crypto dependency
b7d4b48 Merge pull request #724 from smallstep/sign-with-retry
bef50bd Fix typo in variable name.
ead394f Add strategy to retry the sign operation if the key is not yet ready
66a8158 Update README.md
22b471a Extractable certs
be89459 Set key export bit
Thanks!
Those were the changes on v0.18.0!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
Step CA v0.17.6 (21-10-20)
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
-key https://raw.githubusercontent.com/smallstep/certificates/master/cosign.pub \
-signature ~/Downloads/step-ca_darwin_0.17.6_amd64.tar.gz.sig
~/Downloads/step-ca_darwin_0.17.6_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
da3c6af changelog update
Thanks!
Those were the changes on v0.17.6!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.