acme

The recommendation is to set Cache-Control: private, no-store on any endpoint with sensitive information. Because while you can protect the traffic with TLS, you also need to keep sensitive information out of a client's (unencrypted) HTTP cache. I'm not sure how relevant this is to the API context of step-ca though—I've never seen an HTTP client library that caches content. But I guess the poi

Beyonce said it best. If you like it then you shoulda put a test on it. Scenarios I like:

• Cert is created with right DN
• Cert is stored to X509Store after creation
• Cert request is not resubmitted
• Handles failures gracefully
• HTTP challenge/response works as expected
• Certificate renewal when cert is about to expiration

As @rjkroege mentioned in rjkroege/edwood#288 tokenizing the results of the getarg function would allow for more robust parsing of the given arguments.

This issue was migrated from Pagure Issue #3199. Originally filed by rcritten (@rcritten) on 2020-08-03 15:59:52:

• Assigned to nobody

IPA can be installed in a CA-less configuration with the user providing the certificates required for operation. Running ipa-healthcheck with this will generate quite a few pk