1.15.0 (2020-01-11)

  • Add support for Django 3.0.

  • The Docker image is now based on Alpine Linux 3.11.

  • The default project now supports configuring django-ca using YAML configuration files. Configuration using localsettings.py is now deprecated and will be removed in django-ca>=1.18.0.

  • Start supporting Celery tasks to allow running tasks in a distributed, asynchronous task queue. Some tasks will automatically be run with Celery if it is enabled. Celery is used automatically if installed, but can always be disabled by setting CA_USE_CELERY=False.

  • Drop dependency six (since we no longer support Python 2.7).

  • Allow caching of CRLs via manage.py cache_crls.

  • The manage.py init_ca command will now automatically cache CRLs and generate OCSP keys for the new CA.

  • Support POSTGRES_* and MYSQL_* environment variables to configure database access credentials in the same way as the Docker images for PostgreSQL and MySQL do.

  • There now are setuptools extras for redis and celery, so you can install all required dependencies at once.

  • Add CA_PASSWORDS setting to allow you to set the passwords for CAs with encrypted private keys. This is required for automated tasks where the private key is required.

  • Add CA_CRL_PROFILES setting to configure automatically generated CRLs. Note that this setting will likely be moved to a more general setting for automatic tasks in future releases.

  • django_ca.extensions.AuthorityKeyIdentifier now also supports issuers and serials.

  • parse_general_name() now returns a GeneralName unchanged, but throws an error if the name isn’t a str otherwise.

  • New class django_ca.utils.GeneralNameList for extensions that store a list of general names.

  • Add support for the django_ca.extensions.FreshestCRL extension.

  • Store CA private keys in the ca/ subdirectory by default, the directory can be configured using manage.py init_ca --path=....

Backwards incompatible changes

  • Drop support for Python 2.7.

  • Drop support for cryptography 2.5 and 2.6.

  • Drop support for Alpine 3.8 (because PostgreSQL and MySQL depend on LibreSSL).

  • Removed the manage.py migrate_ca command. If you upgrade from before 1.12.0, upgrade to 1.14.0 first and update the file storage setting.

  • Removed the ca_crl setting in CertificateRevocationListView, use scope instead.

Docker

  • Add a docker-compose.yml file to quickly launch a complete service stack.

  • Add support for Celery, MySQL, PostgreSQL and Redis.

  • Change the working directory to /usr/src/django-ca/ca, so manage.py can now be invoked using python manage.py instead of python ca/manage.py.

  • Add a Celery startup script (./celery.sh).

  • Add a NGINX configuration template at nginx/default.template.

  • Static files are now included in a “collected” form, so they don’t have to collected on startup.

  • Generate OCSP keys and cache CRLs on startup.

  • Use BuildKit to massively speed up the Docker image build.

Bugfixes

  • Fix generation of CRLs and OCSP keys for CAs with a DSA private key.

  • Fix storing an empty list of CRL URLs in some corner cases (when the function receives an empty list).

  • Fix naming CAs via serial on the command line if the serial starts with a zero.

  • Consistently style serials in a monospace font in admin interface.

  • The ocsp profile used for OCSP keys no longer copies the CommonName (which is the same as in the CA) to to the SubjectAlternativeName extension. The CommonName is frequently a human-readable name in CAs.

Deprecation notices

  • This is the last release to support Django 1.11 and 2.1.

  • The Django project included in this git repository will stop loading localsetttings.py files in django-ca>=1.18.0.

  • Certificate.objects.init() and get_cert_profile_kwargs() were deprecated in 1.14.0 and will be removed in django-ca==1.16.0. Use Certificate.objects.create_cert() instead.

  • The format for the CA_PROFILES setting has changed in 1.14.0. Support for the old format will be removed in django-ca==1.17.0. Please see previous versions for migration instructions.