mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
Updated README
This commit is contained in:
parent
f92853bedb
commit
48541b7a08
26
README.rst
26
README.rst
@ -10,6 +10,13 @@ eventually support PKCS#11 and in far future WebCrypto.
|
|||||||
|
|
||||||
.. figure:: doc/usecase-diagram.png
|
.. figure:: doc/usecase-diagram.png
|
||||||
|
|
||||||
|
Certidude is mainly designed for VPN gateway operators to make VPN adoption usage
|
||||||
|
as simple as possible.
|
||||||
|
For a full-blown CA you might want to take a look at
|
||||||
|
`EJBCA <http://www.ejbca.org/features.html>`_ or
|
||||||
|
`OpenCA <https://pki.openca.org/>`_.
|
||||||
|
|
||||||
|
|
||||||
Features
|
Features
|
||||||
--------
|
--------
|
||||||
|
|
||||||
@ -22,20 +29,29 @@ Features
|
|||||||
* Certificate numbering obfuscation, certificate serial numbers are intentionally
|
* Certificate numbering obfuscation, certificate serial numbers are intentionally
|
||||||
randomized to avoid leaking information about business practices.
|
randomized to avoid leaking information about business practices.
|
||||||
* Server-side events support via for example nginx-push-stream-module.
|
* Server-side events support via for example nginx-push-stream-module.
|
||||||
* Kerberos based authentication
|
* Kerberos based web interface authentication.
|
||||||
|
* File based whitelist authorization, easy to integrate with LDAP as shown below.
|
||||||
|
|
||||||
|
|
||||||
|
Coming soon
|
||||||
|
-----------
|
||||||
|
|
||||||
|
* Refactor mailing subsystem and server-side events to use hooks.
|
||||||
|
* Notifications via e-mail.
|
||||||
|
|
||||||
|
|
||||||
TODO
|
TODO
|
||||||
----
|
----
|
||||||
|
|
||||||
* Refactor mailing subsystem and server-side events to use hooks.
|
* `OCSP <https://tools.ietf.org/html/rfc4557>`_ support, needs a bit hacking since OpenSSL wrappers are not exposing the functionality.
|
||||||
* Notifications via e-mail.
|
* `SECP <https://tools.ietf.org/html/draft-nourse-scep-23>`_ support, a client implementation available `here <https://github.com/certnanny/sscep>`_. Not sure if we can implement server-side events within current standard.
|
||||||
* OCSP support.
|
|
||||||
* Deep mailbox integration, eg fetch CSR-s from mailbox via IMAP.
|
* Deep mailbox integration, eg fetch CSR-s from mailbox via IMAP.
|
||||||
* WebCrypto support, meanwhile check out `hwcrypto.js <https://github.com/open-eid/hwcrypto.js>`_.
|
* WebCrypto support, meanwhile check out `hwcrypto.js <https://github.com/open-eid/hwcrypto.js>`_.
|
||||||
* Certificate push/pull, making it possible to sign offline.
|
* Certificate push/pull, making it possible to sign offline.
|
||||||
* PKCS#11 hardware token support for signatures at command-line.
|
* PKCS#11 hardware token support for signatures at command-line.
|
||||||
|
* Ability to send ``.ovpn`` bundle URL tokens via e-mail, for simplified VPN adoption.
|
||||||
|
* Cronjob for deleting expired certificates
|
||||||
|
* Signer process logging.
|
||||||
|
|
||||||
Install
|
Install
|
||||||
-------
|
-------
|
||||||
|
Loading…
Reference in New Issue
Block a user