Releases: glatzert/ACME-Server-ADCS
V3.0.0 - Beta3
Features
- ACME (RFC 8555) compliant server for certificate issuance (the protocol that drives Let's Encrypt)
- Certificate issuance via Microsoft® Windows® Server Active Directory Certificate Services (MS ADCS)
- Challenge types: http-01, dns-01, tls-alpn-01, device-attest-01
- ExternalAccountBinding (EAB) support
- Identifier types:
  - dns (RFC 8555): e.g. www.example.com - as known from ACME
  - ip (RFC 8738): e.g. 127.0.0.1 - for devices that don't use names.
  - permanent-identifier (experimental): to issue client certificates for devices (currently Apple devices only). Please contact me if you use this; I would like to know whether your use case works.
- Issuance profiles: depending on identifier type and EAB status the server can now choose issuance profiles, allowing the use of different templates (or ADCS servers) for different use cases.
- Reverse proxy support: ADCS-ACME can now be run behind a reverse proxy that doesn't pass on the external host name.
- CSR validation now takes parameters that allow it to deviate from the ACME protocol. Be very careful with this feature.
Bug fixes
- ExternalAccountBinding requirement will now be communicated via metadata
Breaking changes
- Changed file logging package
- Configuration files have been rearranged and extended. There's only one appsettings.json now. Refer to the sample file for a proper description.
- If you built something based on the code of V1 or V2, there will be a lot of changes, since everything is now based on AspNetCore Minimal API instead of MVC.
Configuration changes from beta1
"Profiles": {
"MyProfile": {
"CSRValidation": {
- "AllowedSANValue": {
- "DNSNameRegex": null,
- "IPNetworks": [],
- "URIRegex": null
- }
+ "SANValidationParameters": {
+ "DnsName": {
+ "ValidationRegex": null
+ },
+ "IPAdress": {
+ "ValidNetworks": []
+ },
+ "URI": {
+ "ValidationRegex": null
+ }
+ }
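Review bot: the new key on the + "IPAdress" line is spelled with a single "d", unlike its siblings "DnsName" and "URI", and nothing in the snippet says whether that spelling is intentional. If it is the literal key the server reads, state that next to the snippet so that operators do not "correct" it to "IPAddress" in their own appsettings.json and end up with a "ValidNetworks" list that may not be applied; if it is a typo, fix it here and check appsettings-sample.json for the same spelling. The snippet also ends before the closing braces of "CSRValidation", "MyProfile" and "Profiles", so it should be labelled as an excerpt rather than a paste-ready block.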
For a full reference of the CSR validation, refer to the SANValidationParameters in appsettings-sample.json.
V2.1.4
Since the 'main' branch is always the current version, please use this link to see the matching README
- Wildcard identifiers will now create RFC 8555-conforming authorizations
V2.1.3
- Accounts can now be read by sending a request containing an empty payload to its URL - formerly this was only possible with a payload containing an empty object. This affected Apache's mod_md.
V2.1.2
- ExternalAccountBinding status will show up in logs
- EAB will be a little bit more verbose with log outputs
- Settings are validated on start instead of on usage
V2.1.1
- ExternalAccountBinding requirement will now be announced via metadata.
What's Changed (V2.1.0)
- Authorization validation and certificate issuance will now be triggered instantaneously instead of on a timer.
- ExternalAccountBinding is now supported when configured
V2.0.2
V1.9.0
V1.8.0-beta
.NET 8.0
This build changes the required framework from .NET 6.0 to .NET 8.0. Install the new .NET 8.0 LTS to use it!
What's Changed
Full Changelog: V1.0.4...V1.8.0
V1.0.4-beta
Less code to do the same things
V 1.0.3-beta
- CSRValidation now only handles SAN and ignores other extensions.
V1.0.2
V 1.0.1
V1.0.0 RC3
This release is production ready.
There will be some breaking changes with the final 1.0 if you use the product to build your own server around it (the namespace will be changed).
A preliminary license text (a rough draft) has been added to the license file.