stanford-certificate-web (56) unstable; urgency=medium

  * Auto Reply: The sendmail functionality has been updated to send emails via SMTP
    using the provided username and password for authentication.

 -- Srinivas Rao Puttagunta <psr123@stanford.edu>  Wed, 19 Mar 2025 17:20:44 -0700

stanford-certificate-web (55) unstable; urgency=medium

  * Small change in user directions to reduce confusion: change
    "www.myserver.edu" to "myserver.stanford.edu" (see also ServiceNow
    ticket TASK00194404).

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Tue, 23 Mar 2021 16:56:22 -0700

stanford-certificate-web (54) unstable; urgency=medium

  * Skip the "stanford.edu" and "*.stanford.edu" validation checks when
    submitter is a certreq admin. (Jira CERT-172)

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Tue, 03 Nov 2020 10:20:47 -0800

stanford-certificate-web (53) unstable; urgency=medium

  * Fix a misspelling.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Mon, 24 Aug 2020 06:53:35 -0700

stanford-certificate-web (52) unstable; urgency=medium

  * Add configuration directive "fqdn_required" that, if set to "YES",
    rejects any certificate requests that contain hostnames that are not
    fully-qualified, that is, do not end in one of ".com", ".edu", ".net",
    ".org", or ".us". If the parameter is not set in the configuration
    file it defaults to "YES". This will prevent submissions of
    certificates where the submitter forgot to add the ".stanford.edu"
    suffix.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Thu, 20 Aug 2020 00:11:18 -0700

stanford-certificate-web (51) unstable; urgency=medium

  * Change duration to a fixed value of one year. This is required as all
    Certificate Authorities are no longer issuing two-year certificates as
    of September 2020.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Mon, 10 Aug 2020 08:15:37 -0700

stanford-certificate-web (50) unstable; urgency=medium

  * Rewite to use Bootstrap 4.5.
  * Add MOTD (message-of-the-day) support; MOTD page can be set to expire.
  * Add some help links in the "Details" documentation.
  * Use stanford-web-template for standard Stanford header and footer.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Sun, 21 Jun 2020 08:20:20 -0700

stanford-certificate-web (49) unstable; urgency=medium

  * Add a maintenance page.
  * Fix bug where we assumed that "! 1" results in "0" (it doesn't). This
    affected the logic used to decide whether or not to use the InCommon
    Test Certificate Manager.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Sat, 09 May 2020 09:15:06 -0700

stanford-certificate-web (48) unstable; urgency=medium

  * Replace "http://" with "https://" in several places as well as change
    some links from the old ITServices to University IT. (Jira CERT-160)
  * [netdb-access-info-for-ssl] Change to that script can handle multiple
    nodes returned in Node.search.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Wed, 08 Apr 2020 05:38:13 -0700

stanford-certificate-web (46) unstable; urgency=medium

  * [netdb-access-info-for-ssl] Add allowed node types "MX".

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Mon, 23 Mar 2020 13:43:27 -0700

stanford-certificate-web (45) unstable; urgency=medium

  * [netdb-access-info-for-ssl] Add more allowed node types "IP Addr." and
    "Interface".

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Wed, 11 Mar 2020 19:05:20 -0700

stanford-certificate-web (44) unstable; urgency=medium

  * [netdb-access-info-for-ssl] Fix another typo.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Wed, 04 Mar 2020 11:51:20 -0800

stanford-certificate-web (43) unstable; urgency=medium

  * [netdb-access-info-for-ssl] Allow for cases where the user being
    tested for access does not have a corresponding User object in NetDB.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Wed, 04 Mar 2020 09:43:43 -0800

stanford-certificate-web (42) unstable; urgency=medium

  * Fix bugs in netdb-access-info-for-ssl surrounding nodes that are not
    of type Node or Alias. (Thanks to Ben Thai!)
  * Fix spurious "Z" in the certreq cgi-bin file :^(

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Tue, 03 Mar 2020 09:47:53 -0800

stanford-certificate-web (41) unstable; urgency=medium

  * Fix bug in the use_prod_netdb function.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Fri, 28 Feb 2020 08:08:18 -0800

stanford-certificate-web (40) unstable; urgency=medium

  * When checking if a user has access to a NetDB domain object we now
    also check the domain's Admin field (this is only possible lately: until
    recently NetDB did not have an Admin field for domain objects).
  * Add pandoc man page for netdb-access-info-for-ssl (see
    usr/bin/netdb-access-info-for-ssl.md). So now 'man
    netdb-access-info-for-ssl' yields something useful.
  * If the 'use-prod_netdb' configuration directive is set to "NO" use the
    DEV instance of NetDB.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Fri, 21 Feb 2020 10:22:40 -0800

stanford-certificate-web (39) unstable; urgency=medium

  * Add option to skip NetDB check if the logged-in user in admin. The admins
    are listed in the configuration file.
  * Parse CSR to get public key algorithm and, if the public key algorithm
    is ECC signal to the incommon manager script to request an ECC
    certificate. In other words, ECC certificate requests are now
    supported without admin intervention.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Fri, 21 Jun 2019 14:40:01 -0700

stanford-certificate-web (38) unstable; urgency=medium

  * Have csr-parse skip any SANs that are exactly the string "stanford.edu".

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Tue, 12 Feb 2019 09:16:50 -0800

stanford-certificate-web (37) unstable; urgency=medium

  * Exclude the README.md file from the package build.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Wed, 30 Jan 2019 10:09:17 -0800

stanford-certificate-web (36) unstable; urgency=medium

  * Populate server name and Subject Alternative Names when CSR text box
    changes; remove the populate button.
  * Add "Homepage" field to control file.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Wed, 23 Jan 2019 10:03:41 -0800

stanford-certificate-web (35) unstable; urgency=medium

  * Add attention text with information about change to two-year expiration
    maximum.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Fri, 02 Mar 2018 10:47:22 -0800

stanford-certificate-web (34) unstable; urgency=medium

  * Change expiration choices from 1, 2, or 3 to 1 or 2.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Fri, 02 Mar 2018 10:27:58 -0800

stanford-certificate-web (33) unstable; urgency=medium

  * Add Stanford favicon.ico.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Fri, 02 Jun 2017 11:54:11 -0700

stanford-certificate-web (32) unstable; urgency=medium

  * Update to handle ECC-based certificates.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Fri, 26 May 2017 19:50:27 -0700

stanford-certificate-web (31) unstable; urgency=medium

  * Add support for an outage page redirect.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Thu, 11 May 2017 18:54:11 -0700

stanford-certificate-web (30) unstable; urgency=medium

  * Trap CSR parse error when trying to get keysize of CSR.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Mon, 03 Apr 2017 15:39:41 -0700

stanford-certificate-web (29) unstable; urgency=medium

  * Use the Post/Redirect/Get design pattern to try and avoid duplicate
    requests. Uses cookies.
  * Make the instructions at the top collapsible.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Fri, 17 Mar 2017 19:36:01 -0700

stanford-certificate-web (28) unstable; urgency=medium

  * Change some help links: relocate the CSR creation link and replace the
    link to WebAuthv3 with one to Stanford SAML.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Tue, 28 Feb 2017 14:52:45 -0800

stanford-certificate-web (27) unstable; urgency=medium

  * Fix bad bug where an obsolete certificate-type form parameter was being
    looked at and found to be missing so it looked as if the request went
    through when it actually didn't.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Wed, 11 Jan 2017 13:58:40 -0800

stanford-certificate-web (26) unstable; urgency=medium

  * Allow wildcard hostnames in the SAN section.
  * Remove certificate type radios buttons.
  * Uses the new JRuby script /usr/bin/netdb-access-info-for-ssl
    java-based RMI script to directly query NetDB (depends on the
    libnetdb-java package).
  * Add new Python-based selenium tests.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Sun, 03 Apr 2016 19:53:58 -0700

stanford-certificate-web (25) unstable; urgency=medium

  * Use dn_to_cn from Stanford::Orange::Util.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Tue, 08 Mar 2016 09:03:45 -0800

stanford-certificate-web (24) unstable; urgency=medium

  * Use a better method of getting CSR key size.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Mon, 07 Mar 2016 13:15:53 -0800

stanford-certificate-web (23) unstable; urgency=medium

  * Add javascript pop-up that complains if the contact address is not a
    mailman list.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Sat, 13 Feb 2016 10:11:26 -0800

stanford-certificate-web (22) unstable; urgency=medium

  * Add some text to web form directing submitters to put star cert name
    in SAN rather than CN.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Mon, 28 Sep 2015 07:55:14 -0700

stanford-certificate-web (21) unstable; urgency=low

  * Make sure the input CSR string gets whitespace-trimmed (Jira
    CERT-101).

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Wed, 27 May 2015 12:48:01 -0700

stanford-certificate-web (20) unstable; urgency=low

  * Require that *-certs have their domain validated in NetDB just like
    non-star certs (Jira CERT-65).

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Fri, 17 Apr 2015 15:44:53 -0700

stanford-certificate-web (19) unstable; urgency=low

  * csr-parse: Handle CSR that has its CN in reverse order.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Thu, 08 May 2014 12:34:17 -0700

stanford-certificate-web (18) stable; urgency=low

  * cert-request: Fix bug introduced by the addition of the 'x' regex
    match flag.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Mon, 21 Apr 2014 10:36:12 -0700

stanford-certificate-web (17) unstable; urgency=low

  * Move javascript code from javascript/ to js/ to avoid
    wheezy package javascript-common conflict.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Thu, 17 Apr 2014 10:54:46 -0700

stanford-certificate-web (16) UNRELEASED; urgency=low

  * Allow for spaces in alternative name field and then strip
    them out.

 -- Kevin Hall <hallk@stanford.edu>  Tue, 08 Apr 2014 15:04:03 -0700

stanford-certificate-web (15) unstable; urgency=low

  * Fix @alts bug and respond to perlcritic (Jira CERT-69).

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Tue, 01 Apr 2014 16:41:57 -0700

stanford-certificate-web (14) unstable; urgency=low

  * Do better validation on alternative server names field (Jira CERT-66).

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Tue, 21 Jan 2014 15:13:35 -0800

stanford-certificate-web (13) unstable; urgency=low

  * Fixed incorrect package name in control file.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Sat, 10 Aug 2013 09:48:59 -0700

stanford-certificate-web (12) unstable; urgency=low

  * Populate server name field from CSR (Jira CERT-58).

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Fri, 09 Aug 2013 15:57:37 -0700

stanford-certificate-web (11) unstable; urgency=low

  * Allow only a single e-mail address in the contact-email input (Jira
    CERT-63).

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Wed, 19 Jun 2013 12:26:48 -0700

stanford-certificate-web (10) unstable; urgency=low

  * Show an error if more than 100 alternative names are submitted. (Jira CERT-55)

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Mon, 27 May 2013 08:04:53 -0700

stanford-certificate-web (9) unstable; urgency=low

  * Add an id attribute to submit button to help testing.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Mon, 27 May 2013 07:33:31 -0700

stanford-certificate-web (8) unstable; urgency=low

  * Use the sunetid to create the requester e-mail if the LDAP e-mail is
    not defined or inaccessible (Jira CERT-53).
  * Change mind (again): manage template in this package.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Mon, 22 Apr 2013 09:19:05 -0700

stanford-certificate-web (7) unstable; urgency=low

  * Changed mind about template files: manage them in
    stanford-server-tools.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Tue, 09 Apr 2013 08:55:09 -0700

stanford-certificate-web (6) unstable; urgency=low

  * Removed the reissue code (force users to simply ask for new certificate).

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Mon, 08 Apr 2013 09:04:22 -0700

stanford-certificate-web (5) unstable; urgency=low

  * Add the template files (.th) to this package.
  * Handle missing config directives better (Jira CERT-43)

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Thu, 21 Mar 2013 09:46:36 -0700

stanford-certificate-web (4) unstable; urgency=low

  * [Jira CERT-32] Disallow submission of *.stanford.edu in web page logic.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Wed, 06 Mar 2013 15:54:00 -0800

stanford-certificate-web (3) unstable; urgency=low

  * Rename cert-request-gamma to cert-request.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Fri, 22 Feb 2013 16:38:04 -0800

stanford-certificate-web (2) unstable; urgency=low

  * Add note to about web form about wilcard certs being only available to
    subdomains of stanford.edu

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Thu, 21 Feb 2013 09:02:50 -0800

stanford-certificate-web (1) unstable; urgency=low

  * Initial version.

 -- Adam Henry Lewenberg <adamhl@stanford.edu>  Mon, 10 Feb 2013 06:43:46 -0800
