From: <ope...@li...> - 2001-11-02 15:27:04
|
OpenCA Project Overview: ======================== The OpenCA Project is a collaborative effort to develop a robust, full featured and Open Source out-of-the-box Certification Authority implementing the most used protocols with full-strength cryptography world-wide. OpenCA is based on many Open Source Projects. Among the supported software is OpenLDAP, OpenSSL, Apache Project's httpd, mod_ssl. The project development is divided into two main tasks: studying and refining the security scheme that guarantees the best model to be used in a CA and developing software to easily setup and manage a Certification Authority. Project Status: =============== OpenCA version 0.9.0 Status: Developing OpenCA version 0.8.0 Status: Released 02 Nov 2001 OpenCA version 0.6.0 Status: [ Never Released ] OpenCA version 0.2.0 Status: Released 16 Nov 1999 OpenCA Current features: ======================== o Certification Authority can now import requests, list certificate requests, export certs, archive requests, view archived requests, delete requests, issue certificates, verify RA operator identity, export CRL; o Registration Authorities Server can list pending/deleted/archived requests, approve requests, export requests to removable media, import new certs from removable media, import CRLs, export CA certificate to LDAP, export CRLs to LDAP, initialize LDAP, export client certificates to LDAP; o Public server can list pending requests, accept PKCS#10 certification requests, accept SPKAC certification requests, accept IE certification requests, deliver issued certificates to users, deliver issued CRLs to users, display CRLs, list users' certificates; OpenCA differences to previous release (0.2.0): =============================================== o Modularization process completed. OpenCA now uses a series of modules to easily code organization and handling of pki related objects (such as certificates, crl, requests, etc...). o Added support for Internet Explorer for requesting certificates. o Stripped off the EMAIL field from certificates (default behaviour, this could be avoided by editing the email_in_dn parameter in the provided openssl configuration file); o Initial Certificate extensions management. Actually it is possible to add new certificates profiles (using openssl extfiles). This gives the possibility both to the RA Operator and to the CA Operator to choose the certificate's profile to be used. o Added support for managing DNs before approving a request. o LDAP support included using new perl-ldap module over the Net-LDAPApi one. We have decided to move to the perl-ldap module because of many problems found when installing the old Net-LDAPApi module as this is no more supported and incompatibility issues arise with openldap 2.xx versions. o DB backend support added for PKI related objects. The DB backend currently has support for file-based DBMs and for SQL DBMs (mySql, Oracle, DB2, Postgres). o DBMs backend initialization is web-based both on the RAServer and on the CA. o Installation now uses autoconf scripts. The autoconf script usage is aimed towards the easy of the installation process on different platforms. o Enabled RA Operator's signature verification before issuing the new certificate (uses the openca-verify command of the OpenCA-SV package). o Bugfixing. References: =========== The OpenCA Project main website can be found at http://www.openca.org (or at http://openca.sourceforge.net). You can find all current versions and available documentation there. You can also download any part of the software or documentation also at the official ftp site: ftp://ftp.openca.org ftp://openca.sourceforge.net/pub/openca (soon removed) or from one of the official mirrors: http://www.openca.org/openca/mirrors.shtml OpenCA Developers Group --o------------------------------------------------------------------------- Massimiliano Pala [OpenCA Project Manager] ma...@cp... ma...@op... ma...@ha... http://www.openca.org Tel.: +39 (0)59 270 094 http://openca.sourceforge.net Mobile: +39 (0)347 7222 365 |