https://deploy-preview-426--docssigstore.netlify.app/certificate_authority/Recent content in Certificate Authority onHugo -- gohugo.ioTue, 06 Oct 2020 08:49:15 +0000https://deploy-preview-426--docssigstore.netlify.app/certificate_authority/overview/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-426--docssigstore.netlify.app/certificate_authority/overview/Fulcio is a free code signing Certificate Authority, built to make short-lived certificates available to anyone. Based on an OpenID Connect email address, Fulcio signs X.509 certificates valid for 10 minutes. Fulcio was designed to run as a centralized, public-good instance, auditable by a certificate transparency log. Fulcio can also be deployed as a self-hosted service. Fulcio is being developed as part of the Sigstore project. Join us on our Slack channel (need an invite?https://deploy-preview-426--docssigstore.netlify.app/certificate_authority/certificate-issuing-overview/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-426--docssigstore.netlify.app/certificate_authority/certificate-issuing-overview/This page will walk through the process of issuing a code signing certificate from start to finish as an entry point to understanding how Fulcio works. 1 — Certificate request input # As a first step, the client submits a certificate request to Fulcio. This certificate request contains the following: An OpenID Connect (OIDC) identity token. This is a signed JWT containing information about the principal (identity of the client), the issuer (who issued the identity token - Google, Microsoft, GitHub, etc.https://deploy-preview-426--docssigstore.netlify.app/certificate_authority/cert-transparency-log-info/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-426--docssigstore.netlify.app/certificate_authority/cert-transparency-log-info/Review Fulcio’s transparency log information on GitHub.https://deploy-preview-426--docssigstore.netlify.app/certificate_authority/oidc-in-fulcio/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-426--docssigstore.netlify.app/certificate_authority/oidc-in-fulcio/Summary # Fulcio uses OIDC tokens to authenticate requests. Subject-related claims from the OIDC token are extracted and included in issued certificates. Sigstore runs a federated OIDC identity provider, Dex. Users authenticate to their preferred identity provider and Dex creates an OIDC token with claims from the original OIDC token. Fulcio also supports OIDC tokens from additional configured issuers. Supported OIDC token issuers # Email # Email-based OIDC providers use the user’s email as the subject of the certificate.https://deploy-preview-426--docssigstore.netlify.app/certificate_authority/release-log/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-426--docssigstore.netlify.app/certificate_authority/release-log/Review Fulcio’s Release log on GitHub.https://deploy-preview-426--docssigstore.netlify.app/certificate_authority/hsm-support/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-426--docssigstore.netlify.app/certificate_authority/hsm-support/Review Fulcio’s HSM support on GitHub.https://deploy-preview-426--docssigstore.netlify.app/certificate_authority/cert_specification/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-426--docssigstore.netlify.app/certificate_authority/cert_specification/Review Fulcio’s certificate specification on GitHub.