OpenCA v1.0.1 (ten-ten) Release-Announcement
============================================
OpenCA v1.0.1 (ten-ten) is released on Oct 10th, 2008. We added
a lot of new features and we hope the new version will meet many
of the requirements for your CAs.
Here we list some of the major changes over version 0.9.3:
* Added Minimum Certificate Validity Period for Expiring email sending
(automatically)
* Added extensive information in the Auto(*) daemon activation
pages - to explain the available configuration options.
* Finished AutoEmail daemon for automatic E-Mail sending (both
for newly issued certificates and for expiring certificate
warnings)
* Added the possibility for searching for attributes with multiple
values (eg., multiple roles or LOA for certs)
* Finished AutoCRL daemon for issuing CRL automatically
* Added autoEmail daemon (automatic E-Mail sending)
* Fixed loading/saving of parameters for Auto(*) daemons
* Extended report on the status for Auto(*) daemons
* Fixed CRL and Certificates auto status update (valid/expired)
* Added AutoCRL daemon (needs additional work)
* Added new functions to misc-utils.lib for managing process status
verification and parameter configuration save/restore.
* Fixed search of objects and extra-refs for lists
* Fixed DSA and ECDSA e-mail problems (no encryption is supported)
* Fixed retrieval of requested certificates when the key
is generated on the server (eg., a .p12 is returned now)
* Fixed lists (REQ, CERTS, etc... ) display (more readable)
* Added Level of Assurance Checking (Key Algorithm, Key Generation Mode
and Key Size)
* Added support for requestStatus to request configuration for automatically
approved requests (values can be one of NEW, PENDING, or APPROVED)
* Added support for ldaps and starttls for ldap authenticated browser
requests (etc/datasources.xml)
* Added authenticated (via ldap) browser request form (etc/auth_browser_req.xml)
* Added a defaul logo page (instead of software version one)
* Added support for the new certificate request form for CA initialization
* Fixed a space-tolerance in RDNs
* Simplified the Certificate Request Page
* Added more configurable and simplified certificate request form
(etc/browser_req.xml)
* Updated script code (no more VB - only javascript)
* Added Vista Support (IE7) for certificate request
* Added DC fields in CA Certificate Request
* Added possibility to specify the subjectAltName via the CA
interface when self-signing the CA certificate
* Fixed Browser and OS recognition in initCGI
* Fixed DN parsing in OpenSSL.pm and REQ.pm to allow bogus DNs
from Windows 2003 server (problem reported by Dmitrij Mironov)
* Added LDAP protocol version selection in config.xml (default 3)
* Added possibility to generate DSA keys, reqs, and certs via
the web interface (eg., for RA/CA operators)
* Added CRL Revocation Code in CRRs
* Fixed several errors in the default RBAC definitions (ACL)
* Fixed name extension when sending .p12 files to the user
* Applied patch from Alexander Klink (cross-site scripting security fix)
* Fixed generation of index.txt file (thanks to Diego de Felice)
* Fixed --with-service-email-account (thanks to Robert Nelson)
* Eliminated debugging info when web-signing (thx to Robert Nelson)
* Added ca_organization, ca_locality, ca_state and ca_country in
etc/config.xml using configure
* Fixed cleanup of directories and ext-modules dependecies
* Fixed menu generation issue that would prevent Safari from
correctly navigating the menu
OpenCA Project Overview:
========================
The OpenCA Project is a collaborative effort to develop a robust,
full featured and Open Source out-of-the-box Certification Authority
implementing the most used protocols with full-strength cryptography
world-wide. OpenCA is based on many Open Source Projects. Among the
supported software is OpenLDAP, OpenSSL, Apache Project, mod_ssl.
The project development is divided in two main tasks: studying and
refining the security scheme that guarantees the best model to be
used in a CA and developing software to easily setup and manage a
Certification Authority.
Project Status:
===============
OpenCA version 1.0.1 Status: Released 10 Oct 2008
OpenCA version 0.9.3 Status: Release Candidate 2 (rc2)
OpenCA version 0.9.3 Status: Release Candidate 1 (rc1)
OpenCA version 0.9.2 Status: Released 11 Oct 2004
OpenCA version 0.9.1 Status: Released 03 Jan 2003
OpenCA version 0.9.0 Status: Released 12 Aug 2002
OpenCA version 0.8.6 Status: Released 17 Jul 2002
OpenCA version 0.8.1 Status: Released 08 Nov 2001
OpenCA version 0.8.0 Status: Bug Fixing
OpenCA version 0.6.0 Status: Never Released
OpenCA version 0.2.0 Status: Released
Core developers Tasks:
=======================
Massimiliano Pala is currently working on:
o Ease of installation and Interface Usability of OpenCA
o Better support for new browsers and Operating Systems
o Automatic Operation Enhancement
o Web-based configuration
o Binary Packages
Open Issues:
============
o Attributes Certificates Support
o
Wishes:
=======
o
References:
===========
The OpenCA Project main website can be found at http://www.openca.org.
You can find all current versions and available documentation there.
You can also download any part of the software or documentation also at
the official ftp site:
http://ftp.openca.org
or from one of the official mirrors:
http://www.openca.org/mirrors.shtml
Massimiliano Pala
- OpenCA Core Development Team -
--
People who think they know everything are a great annoyance to those of us
who do.
-- Isaac Asimov
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
