diff options
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 28 |
1 files changed, 14 insertions, 14 deletions
@@ -30,25 +30,25 @@ proprietary). As a user, I want to be able to: 1. Generate a CA cryptography key-pair and its corresponding X.509 certificate -into the program and view it. The private key must not be displayed or exported -in any format under any circumstances for security purposes. + into the program and view it. The private key must not be displayed or exported + in any format under any circumstances for security purposes. 2. Input CSRs, edit the certificate properties (e.g., subject, not before, -not after, serial, key usage, extended key usage, X.509v3 extensions, etc.), -sign it using the CA private key, and get the signed certificate in DER or -PEM-encoded-DER formats; then add that certificate to the signed-certs list. + not after, serial, key usage, extended key usage, X.509v3 extensions, etc.), + sign it using the CA private key, and get the signed certificate in DER or + PEM-encoded-DER formats; then add that certificate to the signed-certs list. 3. List all the certificates this CA had signed, view their properties, and -optionally revoke any of them with a corresponding PKCS#10 reason. The -certificates must not be deleted from the list under any circumstances but -only revoked because some future administrators or the legal team may need -to audit it. + optionally revoke any of them with a corresponding PKCS#10 reason. The + certificates must not be deleted from the list under any circumstances but + only revoked because some future administrators or the legal team may need + to audit it. 4. Publish base CRLs. 5. Add, enable, disable, or remove custom certificate templates (also called -policies) that constraints what each type of certificates can and cannot have -and their properties (e.g., TLS server certificates vs user logon certificates -must be different in many ways), and the user will be able to choose which -template they use after CSR input. + policies) that constraints what each type of certificates can and cannot have + and their properties (e.g., TLS server certificates vs user logon certificates + must be different in many ways), and the user will be able to choose which + template they use after CSR input. 6. View audit logs like who did what at what time for legal audit uses. Audit -log entries must never be deleted. + log entries must never be deleted. For example, the user can add arbitrary number of `Cert`'s into a `CA` container, upon each successful sign. |