There are still a lot things to do in pyCA.
Topic | Status |
---|---|
Clean up the code and remove all special features to make it usable in a more common way. | released (0.4.1) |
Consequent use of the openssl.cnf throughout the whole package. | released (0.4.1) |
Make certificate enrollment process more comfortable to users, e.g. check parameters against openssl.cnf and give more detailed feedback about input errors. | released (0.4.2) |
Show clickable structure of openssl.cnf for downloading CA certificates and CRLs. | released (0.4.2) |
Documentation of configuration parameters | released (0.4.3) |
Script for generating of CA certificate hierarchies and initial CRLs | released (0.4.5) |
Speed up certificate loading by handling DER certificates | released (0.4.5) |
Documentation of all configuration parameters | released (0.5.0) |
Scripts ca-cycle-pub.py for cyclic CA tasks on the public server | most done and released (0.5.0) |
Update cnf-parsing to reflect the recent changes which were made in OpenSSL (complete rewrite). | released (0.5.1) |
Support for Microsoft Internet Explorer | released (0.6.0) |
Improve LDAP support. | released (0.6.0) |
Store initial master secrets in a database during registration process involving RA or user itself. Printing of registration info for postal shipment, automatic checking of initial master secret. | to do |
Scripts ca-cycle-priv.py for daily/hourly CA tasks on the system holding the private keys | to do |
English help texts. | to do |
Enrollment script server-enroll.py for server certificate requests. | to do |
Speed up access to bigger certificate databases by using the GDBM package for holding a copy of the certificate database | to do |
PKIX compliance (e.g. keyUsage etc.) | to do |
Flexible logging support for CGI-BINs | to do |
Documentation of the certification process | to do |
Script cert-renewal.py for certificate renewal requests | to do |
Script cert-revoke.py for certificate revocation requests | to do |
Instant certificate issueing (what some CAs call "Class 0") without admin interaction | to do |
Improving privacy of certified objects by implementing access control scheme to cert database (maybe just rely on LDAP bind) | to do |
Support for anonymized certificates for better privacy | to do |
Signing stored data and e-mails if possible (depends on further S/MIME support in OpenSSL) | to do |
Better localizing, multiple languages. | to do |