OpenCA Version 0.2.0 RELEASED - Major Release
=============================================
OpenCA - The Open Certification Authority Toolkit
(http://www.openca.org)
The OpenCA core team is proud to announce the new release of the OpenCA.
This version incorporates many changes and fixes from previously released
archives.
OpenCA Current features:
========================
o Certification Authority can now import Requests, list certificate
requests, export certs, archivie requests, view archivied requests,
delete requests, issue certificates, verify RA operator identity,
export CRL;
o Registration Authorities Server can list pending/deleted/archivied
requests, approve requests, export requests to removable media,
import new certs from removable media, import CRLs;
OpenCA differences between previous release (0.1.9):
=====================================================
o Corrected a bug in the RAServer LDAP routines (the
usercertificate;binary attribute was added without
value while adding the user in the LDAP);
o Added the TYPE tag in the request cgi (cgi-secure/request)
to start handling NETSCAPE|PKCS10|IE requests type;
o Lower-cased the email parameter in the cgi-secure/request
because of Netscape behaviour when searching into LDAP is
case insensitive thus when issuing the certificate the
whole subject is case sensitive (allowing users to issue
more than one certificate by simply having the e-mail
with Upper/Lower case);
o Corrected some bugs in the sendMail command. Now Should be
working without great configuration problems. Corrected a
certificate search name bug, added a sample certsMail.txt
file (to be sent to the user after the certificate has been
issued).
o Added the parseCertificateFile function to the RAServer
program (still needs testing) to parse the pem certificate
file passed as unique argument. Returns an hash structure.
o Updated the warnUser routine.
o Updated the spkac routines so as to use the latest patches
included in OpenSSL ( pre 0.9.5 versions +) to be compatible
with next release of the crypto library.
o Added support for new SPKAC option in OpenSSL for the ca
program.
o Enabled addition to the certificate' DB of the issued certs
from inside the ca program.
o Corrected a bug while adding certificates' to DB (only the
pem certificate now it is actually added to the DB). The
serial number is correctly parsed.
o Added OpenCA CA support for exportCRL command.
o Removed the viewCRL command as it could be dangerous with very
large certificates' DB (overflow(?)).
o Renamed ca.conf keywords:
PackCerts ---> CreateArchive
UnpackRequests ---> UnpackArchive
TextExportedCerts ---> TestArchive
o Renamed raserver.conf keywords:
PackRequests ---> CreateArchive
UnpackCerts ---> UnpackArchive
TextExportedRequests ---> TestArchive
o Added support for CRLs to secure directory structure and for the
RAServer program. Now it correctly imports CAs CRL into htdocs-secure/
crl directory and converts in various formats (DER|PEM|TXT).
o Added CRLDir keyword in the raserver.conf file (for CRL support).
o Added a script scripts/createDB.pl that creates the issued_certs and
revoked_certs DB while installing CA (make install-ca).
o Small bugfixes.
Notes:
======
This release still is a developer-only version. Please refer to our web site on
how to contribute to the project: you are strongly encouraged to contribute to
the project so as to speed up community driven development, the best. Mailing
lists are also available.
Software Availability
=====================
We consider the announced version the most reliable one, and we encourage users
of older ones to upgrade their packages. Corrently you can find archives at our
web site ftp://ftp.openca.org. The site is currently slow and no mirrors have
been set up so far, please be patient.
Mirrors list:
o ftp://ftp.dti.ad.jp/pub/net/OpenCA (Japan)
o ftp://sunsite.cnlab-switch.ch/mirror/OpenCA (Switzerland)
o ftp://ftp.pca.dfn.de/pub/pca/tools/openca/ (Germany)
We hope you find this software useful and to receive many comments and/or proposal
and/or code coming from the users' community. As soon as possible the project will
be put under cvs for better revision control.
Contacts
========
To contact us, please visit our web site where you will find any information on
how to send your comments to us.
Massimiliano Pala
([EMAIL PROTECTED])
S/MIME Cryptographic Signature
