I think making it configurable is worse :)
There's not a good tutorial besides what is in Lemur's documentation ( https://lemur.readthedocs.io/en/latest/guide/index.html ). For Digicert, you will need to create variables in your configuration depending on the specific API you are using . For Digicert's CIS API, you'd need to configure DIGICERT_CIS_URL, DIGICERT_CIS_API_KEY, DIGICERT_CIS_PROFILE_NAME, DIGICERT_CIS_INTERMEDIATE, DIGICERT_CIS_ROOT (DIGICERT_ECC_CIS_INTERMEDIATE if you intend to issue ECC certificates) . Otherwise, you'd need DIGICERT_URL, DIGICERT_API_KEY, DIGICERT_ORG_ID, DIGICERT_ROOT, and DIGICERT_INTERMEDIATE
I have tried every method available online to get lemur running with no success. Any success stories recently???
I can't login and click any tab like DASHBOARD, CERTIFICATES, etc...
bowser.json looks intact as shown below.
(lemur) lemur@ubuntu-xenial:/www/lemur/bower_components$ ls
angular angular-loading-bar angular-ui-select Chart.js json3 satellizer
angular-animate angular-moment angular-ui-switch d3 lodash underscore
angular-bootstrap angular-sanitize angular-underscore es5-shim moment
angular-chart.js angular-smart-table angular-wizard file-saver.js moment-range
angular-clipboard angular-strap blob-polyfill fontawesome ngletteravatar
angular-file-saver angular-translate bootstrap font-awesome ng-table
angularjs-toaster angular-ui-router bootswatch jquery restangular
(lemur) lemur@ubuntu-xenial:/www/lemur/bower_components$
bowser.json looks intact as shown below.
(lemur) lemur@ubuntu-xenial:/www/lemur/bower_components$ ls
angular angular-loading-bar angular-ui-select Chart.js json3 satellizer
angular-animate angular-moment angular-ui-switch d3 lodash underscore
angular-bootstrap angular-sanitize angular-underscore es5-shim moment
angular-chart.js angular-smart-table angular-wizard file-saver.js moment-range
angular-clipboard angular-strap blob-polyfill fontawesome ngletteravatar
angular-file-saver angular-translate bootstrap font-awesome ng-table
angularjs-toaster angular-ui-router bootswatch jquery restangular
(lemur) lemur@ubuntu-xenial:/www/lemur/bower_components$
{
"name": "lemur",
"repository": {
"type": "git",
"url": "git://github.com/netflix/lemur.git"
},
"private": true,
"dependencies": {
"jquery": "~2.2.0",
"angular-wizard": "~0.4.0",
"angular": "1.4.9",
"json3": "~3.3",
"es5-shim": "~4.5.0",
"bootstrap": "~3.3.6",
"angular-bootstrap": "~1.1.1",
"angular-animate": "~1.4.9",
"restangular": "~1.5.1",
"ng-table": "~0.8.3",
"moment": "~2.11.1",
"angular-loading-bar": "~0.8.0",
"angular-moment": "~0.10.3",
"moment-range": "~2.1.0",
"angular-clipboard": "~1.3.0",
"angularjs-toaster": "~1.0.0",
"angular-chart.js": "~0.8.8",
"ngletteravatar": "~4.0.0",
"bootswatch": "~3.3.6",
"fontawesome": "~4.5.0",
"satellizer": "~0.13.4",
"angular-ui-router": "~0.2.15",
"font-awesome": "~4.5.0",
"lodash": "~4.0.1",
"underscore": "~1.8.3",
"angular-smart-table": "2.1.8",
"angular-strap": ">= 2.2.2",
"angular-underscore": "^0.5.0",
"angular-translate": "^2.9.0",
"angular-ui-switch": "~0.1.0",
"angular-sanitize": "~1.5.0",
"angular-file-saver": "~1.0.1",
"angular-ui-select": "~0.17.1",
"d3": "^3.5.17"
},
"../bower.json" 56L, 1411C 1,1 Top
"name": "lemur",
"repository": {
"type": "git",
"url": "git://github.com/netflix/lemur.git"
},
"private": true,
"dependencies": {
"jquery": "~2.2.0",
"angular-wizard": "~0.4.0",
"angular": "1.4.9",
"json3": "~3.3",
"es5-shim": "~4.5.0",
"bootstrap": "~3.3.6",
"angular-bootstrap": "~1.1.1",
"angular-animate": "~1.4.9",
"restangular": "~1.5.1",
"ng-table": "~0.8.3",
"moment": "~2.11.1",
"angular-loading-bar": "~0.8.0",
"angular-moment": "~0.10.3",
"moment-range": "~2.1.0",
"angular-clipboard": "~1.3.0",
"angularjs-toaster": "~1.0.0",
"angular-chart.js": "~0.8.8",
"ngletteravatar": "~4.0.0",
"bootswatch": "~3.3.6",
"fontawesome": "~4.5.0",
"satellizer": "~0.13.4",
"angular-ui-router": "~0.2.15",
"font-awesome": "~4.5.0",
"lodash": "~4.0.1",
"underscore": "~1.8.3",
"angular-smart-table": "2.1.8",
"angular-strap": ">= 2.2.2",
"angular-underscore": "^0.5.0",
"angular-translate": "^2.9.0",
"angular-ui-switch": "~0.1.0",
"angular-sanitize": "~1.5.0",
"angular-file-saver": "~1.0.1",
"angular-ui-select": "~0.17.1",
"d3": "^3.5.17"
},
"../bower.json" 56L, 1411C 1,1 Top
Here is the error scree shot.
{
"name": "lemur",
"repository": {
"type": "git",
"url": "git://github.com/netflix/lemur.git"
},
"private": true,
"dependencies": {
"jquery": "~2.2.0",
"angular-wizard": "~0.4.0",
"angular": "1.4.9",
"json3": "~3.3",
"es5-shim": "~4.5.0",
"bootstrap": "~3.3.6",
"angular-bootstrap": "~1.1.1",
"angular-animate": "~1.4.9",
"restangular": "~1.5.1",
"ng-table": "~0.8.3",
"moment": "~2.11.1",
"angular-loading-bar": "~0.8.0",
"angular-moment": "~0.10.3",
"moment-range": "~2.1.0",
"angular-clipboard": "~1.3.0",
"angularjs-toaster": "~1.0.0",
"angular-chart.js": "~0.8.8",
"ngletteravatar": "~4.0.0",
"bootswatch": "~3.3.6",
"fontawesome": "~4.5.0",
"satellizer": "~0.13.4",
"angular-ui-router": "~0.2.15",
"font-awesome": "~4.5.0",
"lodash": "~4.0.1",
"underscore": "~1.8.3",
"angular-smart-table": "2.1.8",
"angular-strap": ">= 2.2.2",
"angular-underscore": "^0.5.0",
"angular-translate": "^2.9.0",
"angular-ui-switch": "~0.1.0",
"angular-sanitize": "~1.5.0",
"angular-file-saver": "~1.0.1",
"angular-ui-select": "~0.17.1",
"d3": "^3.5.17"
},
"../bower.json" 56L, 1411C 1,1 Top
"name": "lemur",
"repository": {
"type": "git",
"url": "git://github.com/netflix/lemur.git"
},
"private": true,
"dependencies": {
"jquery": "~2.2.0",
"angular-wizard": "~0.4.0",
"angular": "1.4.9",
"json3": "~3.3",
"es5-shim": "~4.5.0",
"bootstrap": "~3.3.6",
"angular-bootstrap": "~1.1.1",
"angular-animate": "~1.4.9",
"restangular": "~1.5.1",
"ng-table": "~0.8.3",
"moment": "~2.11.1",
"angular-loading-bar": "~0.8.0",
"angular-moment": "~0.10.3",
"moment-range": "~2.1.0",
"angular-clipboard": "~1.3.0",
"angularjs-toaster": "~1.0.0",
"angular-chart.js": "~0.8.8",
"ngletteravatar": "~4.0.0",
"bootswatch": "~3.3.6",
"fontawesome": "~4.5.0",
"satellizer": "~0.13.4",
"angular-ui-router": "~0.2.15",
"font-awesome": "~4.5.0",
"lodash": "~4.0.1",
"underscore": "~1.8.3",
"angular-smart-table": "2.1.8",
"angular-strap": ">= 2.2.2",
"angular-underscore": "^0.5.0",
"angular-translate": "^2.9.0",
"angular-ui-switch": "~0.1.0",
"angular-sanitize": "~1.5.0",
"angular-file-saver": "~1.0.1",
"angular-ui-select": "~0.17.1",
"d3": "^3.5.17"
},
"../bower.json" 56L, 1411C 1,1 Top
Lemur ADCS plugin uses ADCS Web enrollment for performing certificate management (certsrv). And I learn that Microsoft ADCS web enrollment is outdated and probably deprecated. Can you please let me know if there is any alternate for ADCS Web enrollment that Lemur already/plans to provides.
@ItaloPerez2019 : Someone opened Netflix/lemur#2863 on this topic. I answered there: Found this discussion:
https://social.technet.microsoft.com/Forums/en-US/d60f99d5-8410-4acb-97e6-8b53b8feaa16/adcs-webenrollment-deprecated-?forum=winserverDS
From there I gather it is not dead yet.
Do you have any written statement stating the demise of the interface?
not sure how it all works. if i try to create a subca using the authority, it spits out some crazy error about "AttributeError: 'NoneType' object has no attribute 'strip'"
@intgr thanks. I have meanwhile tested a POST to /certificates from the gUI and collected the JSON in the request. From the look of it, I think I'll be able to just POST the specific options which would be selected as part of the template. Not ideal, but I think it will do.
Hello there! I tried to run Lemur tests with docker-compose and got
/bin/bash: npm: command not found. I added npm to apt-get in Dockerfile and seems it fixed the issue. Is it known problem? I use Ubuntu 18.04, docker 19.03.5 and docker-compose 1.25.0
Regarding this, I submitted PR to fix the issue Netflix/lemur#2885
hi @pmelse, there is an ACME plug-in in Lemur, and we are using it for Let's Encrypt certificates.
Currently, only DNS validation is supported, but ideally should be expanded to include http01 validation. Would love to see any contributions code-wise, or documentation-wise. As you mentioned, this has a big impact on adoption.
https://lemur.readthedocs.io/en/latest/production/index.html#add-support-for-letsencrypt
Currently, only DNS validation is supported, but ideally should be expanded to include http01 validation. Would love to see any contributions code-wise, or documentation-wise. As you mentioned, this has a big impact on adoption.
https://lemur.readthedocs.io/en/latest/production/index.html#add-support-for-letsencrypt
@hkrutzer, yes Lemur can reissue a certificate with the old parameters of the old one automatically. it can also rotate it on endpoints, such as load balancers. You would need to schedule a celery job to run daily
https://github.com/Netflix/lemur/blob/master/lemur/common/celery.py#L485-L558
https://github.com/Netflix/lemur/blob/master/lemur/certificates/cli.py
https://github.com/Netflix/lemur/blob/master/lemur/common/celery.py#L485-L558
https://github.com/Netflix/lemur/blob/master/lemur/certificates/cli.py
@hosseinsh, could you please quickly explain auto-reissue functionaltiy?
I've tried many times but can't make it work. If I have a certificate that expires in N days with a rotation policy set to K>=N days and rotation enabled, it doesn't get rotated automatically, irregarding if I run sources synchronisation. At the same time, I can successfully reissue it using command line.
I've tried many times but can't make it work. If I have a certificate that expires in N days with a rotation policy set to K>=N days and rotation enabled, it doesn't get rotated automatically, irregarding if I run sources synchronisation. At the same time, I can successfully reissue it using command line.
This was mainly tested on 0.7.0.
@ooav if the reissue is working well from the command line, I am not sure, why the scheduled job shall not work. in the 0.7.0 version one can create a cron task which runs daily and tries to re-issue any certs which fall under the the window of auto-rotate:
/lemur/bin/lemur certificate reissue -c" note that this is only re-issuing the cert, if you wanted to be rotated on your endpoint, say a load balancer, you need to also have a cron task for lemur/bin/lemur certificate rotate -c
Hi, I'm new with Lemur, I'm currently testing following the docs. I want to create a root CA and a sub CA using the cryptography plugin. I was able to create the root CA, but I can't create a subCA using the authority previously created. I got this error:
Private would be ignored, authority key used instead. Could someone assist me please? I will appreciate it.
2 replies
@kevgliss We have plugin working for our internal ca. we are planning to use api's for the clients to enrolls certs on to IoT devices. I have a question on the json response object for certificates creation. How do we change the response to keep it limited like only body (cert) , serial no and base64pem (cert).
3 replies
Hello, we're looking to use Lemur in production and was wondering if it was possible to run multiple Lemur instances at the same time? I assume this is possible as long as the database and encryption keys are the same. Are there are issues with running multiple Lemur instances like this?
1 reply
Hello,
I spent some time with lemur and I have to say it appears pretty buggy.
Is this still developed or is everybody walking away?
The docker image does not work, the documentation is not update and even getting to point where I can start issuing certificates was a hassle.
Now I seem to be stuck at a validation error about auto-rotate, yet I haven enabled that
I spent some time with lemur and I have to say it appears pretty buggy.
Is this still developed or is everybody walking away?
The docker image does not work, the documentation is not update and even getting to point where I can start issuing certificates was a hassle.
Now I seem to be stuck at a validation error about auto-rotate, yet I haven enabled that
Hi,
I was looking at lemur for some time now.
Took some time to figure it out.
I have succeeded in generating certificates with Let'sEncrypt using route53 as dns provider.
I was now trying to look at digicert plugin, but i can't seem to create a new certificate using digicert using the webUI and the API.
Some help will be useful.
Thanks
I was looking at lemur for some time now.
Took some time to figure it out.
I have succeeded in generating certificates with Let'sEncrypt using route53 as dns provider.
I was now trying to look at digicert plugin, but i can't seem to create a new certificate using digicert using the webUI and the API.
Some help will be useful.
Thanks
2 replies
I got lemur running but it fails when trying to create a certificate
Rotation Policy - {"_schema":"Unable to find <class 'lemur.policies.models.RotationPolicy'> with name: default"}This looks like it should be fixed Netflix/lemur#923
Hi,
I'm trying to set up my lemur env for a while now, I'm using the official documentation while trying to generate certificates with Let'sEncrypt using route53 through webUI with no luck.
Does someone have documentation or something that could help me?
Thanks ππππππ
I'm trying to set up my lemur env for a while now, I'm using the official documentation while trying to generate certificates with Let'sEncrypt using route53 through webUI with no luck.
Does someone have documentation or something that could help me?
Thanks ππππππ