2.0.0 (2024-09-29)

General

Add (preliminary) support for storing private keys in a hardware security module (HSM). See Key backends for more information.

Subjects are now parsed in the RFC 4514 format by default. Subjects in the OpenSSL-style format are still supported via the --subject-format=openssl option, but support for it will be removed in 2.0.0.
Removed the convert_timestamps command (deprecated since 1.28.0).

Add support for Django~=5.1.0, cryptography~=43.0 and pydantic~=2.8.0 and pydantic~=2.9.0.
BACKWARDS INCOMPATIBLE: Dropped support for pydantic<2.7.0, acme~=2.9.0 and Celery~=5.3.0.
Remove the psycopg3 pip extra, use the postgres extra instead.
Drop support for Alpine 3.17.

parse_encoding() no longer accepts an already parsed Encoding.
django_ca.utils.parse_expires() and django_ca.utils.parse_key_curve where removed.
CertificateAuthorityManager.objects.init() no longer accepts int or timedelta for expires. Pass a timezone-aware object instead.
Profile no longer accepts unparsed extension values:
- An int for expires - pass a timedelta instead.
- A str or iterable of str-tuples for subject - pass a Name instead.
- Deprecated extensions formats in extensions.
Note that this does not affect configuration in settings, as these values are parsed before passed to this class.
create_cert() no longer accepts int for expires. Pass a timedelta instead.

This will be the last release to support pydantic~=2.7.0, pydantic~=2.8.0, cryptography~=42.0 and acme~=2.10.0.
django_ca.utils.get_storage() will be removed in 2.2.0.