Changes between Version 15 and Version 16 of Document/Development/Wishlist/Module/CA

Timestamp: 10/27/11 19:26:20 (19 months ago)
Author: jsalamero@… (IP: 88.77.186.246)
Comment:

--

  • Document/Development/Wishlist/Module/CA

    v15 v16  
    11== CA == 
     2 
    23=== Validate Arbitrary Certificate and Key Files === 
    3 === ~~Improvement on Expiration Dates~~ === 
    4 If you create a certification authority and afterwards you try to create a certificate with the same duration in days, you get an error. You must remove one day from the life time to avoid this. 
    54 
    6 This is caused because we ask the user for days but we store the duration in seconds so any certificate created with the same duration in days will surpass the life time of the CA. 
    7  
    8 This behavior isn't intuitive so I suggest that when creating certificates if their expiration date surpass those of the CA in less of 24 hours, their life time must be automatically set to the same (or a few seconds less) than those of the CA. 
    9  
    10 == Upload certificate thru web UI == 
    11  
    12 == ~~Support Subject Alternative Name~~ == 
    13  
    14 == Default expiation date when creating a certificate == 
    15 We should have a default value i nthe expiration date when creating a new certificate. I suggest the maximum expiration date as default.  
     5=== Upload certificate thru web UI === 
    166 
    177=== SSL Certificate Name === 
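
Review bot: the removed "Default expiation date when creating a certificate" entry (v15 lines 14-15) is the only deleted item in this hunk that was not struck through, and the change comment is empty, so the page no longer records whether a default expiration value was implemented or dropped. Either keep the entry until it is resolved or state its outcome in the change comment. The explanation removed with "Improvement on Expiration Dates" (duration asked in days but stored in seconds, so a certificate with the same duration outlives the CA) is also worth keeping somewhere, since it documents why the error occurs.
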
     
    2111Can this naming be changed to the common-name? Or create a symbolic link to it? 
    2212 
    23  
    2413We cannot change the certificate naming convention to distinguish among revoked and valid certificates with the same common name. 
    2514 
    2615So as you suggest, a symbolic link with the common name pointing to the last valid certificate will be the right approach. 
    2716 
    28 === ~~Roll Out Certificates Created by Zentyal-CA~~ === 
     17=== Move Module to LDAP Back End === 
    2918 
    30 === Move Module to LDAP Back End === 
    3119 - It makes a lot of sense to create certificates on a per a user basis 
    3220 - We could use the !UserCorner to allow users themselves to create their own private key 
    33   - We would need the administrator to configure the defaults for the user created certificates 
     21 - We would need the administrator to configure the defaults for the user created certificates 
     22 
    3423=== Evaluate the Use of nsCertType in Certificates to Enhance Security === 
     24 
    3525OpenVPN has a security option which relies on the nsCertType optional field in certificates. We may want to evaluate the possibility to use this security focused field in our generated certificates.  
    3626
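
Review bot: in the "Move Module to LDAP Back End" list, the administrator-defaults item changes from a nested bullet under the !UserCorner item (v15 line 33) to a top-level bullet (v16 line 21), which loses the connection between user-created private keys and the defaults an administrator sets for those certificates. If the defaults are only meant to constrain what users can create through !UserCorner, keep the item nested; if they apply to the LDAP back end in general, reword it so it no longer says "user created certificates".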