1.6.0 (2017-04-21)
New features and improvements
Support CSRs in DER format when signing a certificate via manage.py sign_cert.
Support encrypting private keys of CAs with a password.
Support Django 1.11.
Allow creating CRLs of disabled CAs via manage.py dump_crl.
Validate DNSNames when parsing general names. This means that signing a certificate with CommonName that is not a valid domain name fails if it should also be added as SubjectAlternativeName extension (see
--cn-in-sanoption).When configuring
OCSPView, the responder key and certificate are verified during configuration. An erroneous configuration thus throws an error on startup, not during runtime.The test suite now tests certificate signatures itself via
pyOpenSSL, so an independent library is used for verification.
Bugfixes
Fix the
authorityKeyIdentifierextension when signing certificates with an intermediate CA.Fix creation of intermediate CAs.