1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00

Updated README

This commit is contained in:
Lauri Võsandi 2015-08-22 23:19:30 +03:00
parent f92853bedb
commit 48541b7a08

View File

@ -10,6 +10,13 @@ eventually support PKCS#11 and in far future WebCrypto.
.. figure:: doc/usecase-diagram.png .. figure:: doc/usecase-diagram.png
Certidude is mainly designed for VPN gateway operators to make VPN adoption usage
as simple as possible.
For a full-blown CA you might want to take a look at
`EJBCA <http://www.ejbca.org/features.html>`_ or
`OpenCA <https://pki.openca.org/>`_.
Features Features
-------- --------
@ -22,20 +29,29 @@ Features
* Certificate numbering obfuscation, certificate serial numbers are intentionally * Certificate numbering obfuscation, certificate serial numbers are intentionally
randomized to avoid leaking information about business practices. randomized to avoid leaking information about business practices.
* Server-side events support via for example nginx-push-stream-module. * Server-side events support via for example nginx-push-stream-module.
* Kerberos based authentication * Kerberos based web interface authentication.
* File based whitelist authorization, easy to integrate with LDAP as shown below.
Coming soon
-----------
* Refactor mailing subsystem and server-side events to use hooks.
* Notifications via e-mail.
TODO TODO
---- ----
* Refactor mailing subsystem and server-side events to use hooks. * `OCSP <https://tools.ietf.org/html/rfc4557>`_ support, needs a bit hacking since OpenSSL wrappers are not exposing the functionality.
* Notifications via e-mail. * `SECP <https://tools.ietf.org/html/draft-nourse-scep-23>`_ support, a client implementation available `here <https://github.com/certnanny/sscep>`_. Not sure if we can implement server-side events within current standard.
* OCSP support.
* Deep mailbox integration, eg fetch CSR-s from mailbox via IMAP. * Deep mailbox integration, eg fetch CSR-s from mailbox via IMAP.
* WebCrypto support, meanwhile check out `hwcrypto.js <https://github.com/open-eid/hwcrypto.js>`_. * WebCrypto support, meanwhile check out `hwcrypto.js <https://github.com/open-eid/hwcrypto.js>`_.
* Certificate push/pull, making it possible to sign offline. * Certificate push/pull, making it possible to sign offline.
* PKCS#11 hardware token support for signatures at command-line. * PKCS#11 hardware token support for signatures at command-line.
* Ability to send ``.ovpn`` bundle URL tokens via e-mail, for simplified VPN adoption.
* Cronjob for deleting expired certificates
* Signer process logging.
Install Install
------- -------