Comments (2)
While planning for a new feature to allow cert generation and/or arbitrary CA's to have "approvers" for signing, this feature essentially came along for free.
Securely doing this(as well as hardening the current signing method) requires changes will break already deployed instances. Without also pushing the next feature on my list at the same time("clustered" setups with more formalized trust segregation between the web, requester and signer parts), I can't think of a great way to generate private keys in a way that everyone would be happy with.
Based on the current structure and the ability to determine the authenticity of the subject data in the database, resigning seems too dangerous without having a human inspect the subject and key usage.
from django-ca.
possible since 1.10.0
from django-ca.
Related Issues (20)
- REST api HOT 8
- ACME error HOT 5
- Configure OCSP response validity when using docker compose HOT 4
- Acme Disable new accounts HOT 4
- Parsing issues running init_ca HOT 2
- OCSP request for unknown cert received HOT 7
- Ability to sign certificate via configurable hook / external HSM HOT 15
- Smartcard Extension 1.3.6.1.4.1.311.25.2 support HOT 1
- The client sent an unacceptable anti-replay nonce :: Bad or invalid nonce HOT 7
- Save private key and ocsp in database HOT 5
- ecc_curve in 'init_ca' command HOT 5
- acme clients not working, bad nonce HOT 7
- multiple SAN attributes not working HOT 3
- CA_PROFILES expiration time is ignored HOT 2
- CRL Issuing Distribution Point (IDP) should be configurable in CertificateRevocationListView HOT 7
- TypeError: cannot pickle 'builtins.ObjectIdentifier' object HOT 3
- Config is not read HOT 2
- Generate CT Certificate Transparency logs HOT 2
- CA_DEFAULT_SUBJECT HOT 2
- Profiles - default, custom and command line HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from django-ca.