1.6.0 (2017-04-21)

New features and improvements

  • Support CSRs in DER format when signing a certificate via manage.py sign_cert.

  • Support encrypting private keys of CAs with a password.

  • Support Django 1.11.

  • Allow creating CRLs of disabled CAs via manage.py dump_crl.

  • Validate DNSNames when parsing general names. This means that signing a certificate with CommonName that is not a valid domain name fails if it should also be added as SubjectAlternativeName extension (see --cn-in-san option).

  • When configuring OCSPView, the responder key and certificate are verified during configuration. An erroneous configuration thus throws an error on startup, not during runtime.

  • The test suite now tests certificate signatures itself via pyOpenSSL, so an independent library is used for verification.

Bugfixes

  • Fix the authorityKeyIdentifier extension when signing certificates with an intermediate CA.

  • Fix creation of intermediate CAs.