-------------------------------------------------------
Changelog : ssl-mgr
Tags : 5.7.0 ➙ 6.2.0
: 2025-02-28 ➙ 2025-07-10
: 6 tags. See Docs for full changelog
-------------------------------------------------------
2025-07-10 : 6.2.0
Make sure all changes to certs/ are properly marked so that production is
updated for any change.
Fix buglet with min_roll_mins option.
Update readme
Update to README
update Docs/Changelog.rst Docs/ssl-mgr.pdf
2025-07-10 : 6.1.0
*Version 6.1 :*
* New integrity check.
On each run *sslm-mgr* validates that the production directory is up to date
and consistent with the current suite of certificates, keys and TLSA files.
If not, it explains what the problem is and suggests possible ways to proceed.
Note that on the first run after updating to *6.1* it will
automatically re-sync the production directory if necessary. No action is
required by you.
* Keep certs and production certs fully synced.
Includes removing *next* directory from production after the *roll*
has happened and *next* is no longer needed. This change allows us to check
that production is correctly synchronized. Earlier versions did not
remove any files from production, needed or not.
* New dev option *--force-server-restarts*.
* Add ability to specify the top level directory (where configs and outputs
are read from / saved to) via environment variable *SSL_MGR_TOPDIR*.
* External programs are run using a local copy of *run_prog()* from
the *pyconcurrent* module.
You can also install *pyconcurrent* which will ensure the latest
version is always used.
2025-07-08 update Docs/Changelog.rst Docs/ssl-mgr.pdf
2025-07-08 : 6.0.0
New **major version 6.0** released. Includes:
* PEP-8, PEP-257 and PEP-484 style and type annotations.
* Major re-write and tidy ups.
* Split up various modules (e.g. certs -> 5 separate crypto modules.)
* Ensure config and command line options are 100% backward compatible.
* Improve 2 config values:
Background: Local CAs have self-signed a root CA certificate which is then used
to sign an intermediate CA cert. The intermediate CA is in turn used to sign
application certificates.
* ca-info.conf: Intermediate local CA entries.
* ca_type = "local" is preferred to "self" (NB both work).
"self" should still be used for self-signed root CAs where it
makes more sense.
* CA service config file for self-signed root certificate:
* "signing_ca" = "self" is now preferred to an empty string (NB
Both work).
* These 2 changes are optional but preferred. No other config file
changes.
* Simplify logging code.
2025-03-11 update Docs/Changelog.rst Docs/ssl-mgr.pdf
2025-03-11 : 5.7.1
After latex update we needed to fix building latex pdf to avoid error
2025-02-28 update Docs/Changelog.rst Docs/ssl-mgr.pdf
2025-02-28 : 5.7.0
DANE update:
For port 25, TLSA records are generated for each MX record, same as always.
But now, if the port is not 25, then TLSA records are generated for each subdomain in
the x509 SAN domain list.
There is also a capability to specify this with an additional element in the
dane_tls item, which can be "MX" or "SANS".
Expand dane tlsa example config file
2025-02-09 update Docs/Changelog.rst Docs/ssl-mgr.pdf