From 48541b7a08b22d07b8718a1703e1a9388ddb543d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lauri=20V=C3=B5sandi?= Date: Sat, 22 Aug 2015 23:19:30 +0300 Subject: [PATCH] Updated README --- README.rst | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/README.rst b/README.rst index f062394..8e7762e 100644 --- a/README.rst +++ b/README.rst @@ -10,6 +10,13 @@ eventually support PKCS#11 and in far future WebCrypto. .. figure:: doc/usecase-diagram.png +Certidude is mainly designed for VPN gateway operators to make VPN adoption usage +as simple as possible. +For a full-blown CA you might want to take a look at +`EJBCA `_ or +`OpenCA `_. + + Features -------- 
@@ -22,20 +29,29 @@ Features * Certificate numbering obfuscation, certificate serial numbers are intentionally randomized to avoid leaking information about business practices. * Server-side events support via for example nginx-push-stream-module. -* Kerberos based authentication +* Kerberos based web interface authentication. +* File based whitelist authorization, easy to integrate with LDAP as shown below. + + +Coming soon +----------- + +* Refactor mailing subsystem and server-side events to use hooks. +* Notifications via e-mail. TODO ---- -* Refactor mailing subsystem and server-side events to use hooks. -* Notifications via e-mail. -* OCSP support. +* `OCSP `_ support, needs a bit hacking since OpenSSL wrappers are not exposing the functionality. +* `SECP `_ support, a client implementation available `here `_. Not sure if we can implement server-side events within current standard. * Deep mailbox integration, eg fetch CSR-s from mailbox via IMAP. * WebCrypto support, meanwhile check out `hwcrypto.js `_. * Certificate push/pull, making it possible to sign offline. * PKCS#11 hardware token support for signatures at command-line. - +* Ability to send ``.ovpn`` bundle URL tokens via e-mail, for simplified VPN adoption. +* Cronjob for deleting expired certificates +* Signer process logging. Install -------
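Review bot: In the first README.rst hunk (@@ -10,6 +10,13 @@), the added sentence "to make VPN adoption usage as simple as possible" reads like a leftover from an edit; keep either "adoption" or "usage", not both. As the patch appears here, the EJBCA and OpenCA references have nothing between the link text and the closing backtick, so confirm that both carry a URL in the committed file, otherwise the pointer to a full-blown CA leads nowhere.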
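Review bot: In the second README.rst hunk (@@ -22,20 +29,29 @@), the new TODO item "SECP support" looks like a transposition of SCEP, the certificate enrollment protocol, which is what a client implementation and server-side enrollment would refer to; "SECP" reads as an elliptic-curve name instead. The new feature line "easy to integrate with LDAP as shown below" promises an example, but all 21 insertions in the diffstat are accounted for by these two hunks and none of them adds an LDAP section, so either the README already contains it or the reference dangles. Minor: "Cronjob for deleting expired certificates" is missing the trailing period that the neighbouring added items have.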