TODO

TO DO, IN NO PARTICULAR ORDER:

Add CA certificate renewal to sysadmin script (ca/admin/index.php)

Add paging features to Certificate Management Control Panel instead of
having all certificates listed on a single page. This is not really
very necessary unless one will be issuing hundreds of certificates.  Even
with 200 certificates, the control panel display is very manageable.

Use a relational database such as MySQL to maintain the certificate database
instead using the built-in OpenSSL CA feature.  This will only be necessary
if it turns out that the built in OpenSSL CA doesn't perform well.

More documentation and help files.

Support multi-homed server certificates


ANCA'S TODO:

Figure out why gpvar() doesn't initialize variables as it should (at least with empty string).

Replace regex search function eregi() by preg_match() and adjust regex patterns accordingly.

Remove repopulation of password field after error for security.

Reintroduce SSL mode for accessing the page. 

Implement a better password storage solution (check apache's current method).

Fix bug that prevents certs older than a week to display in the Control Panel. <=> Figure out why Iceweasel can't display the list of certs in the manage_certs.php page sometimes, while in Chrome and Firefox it works.

Warn user not to use special characters like § or ß in the password (tests with $ / \ ' " worked fine).

What about umlauts in common name? Currently they get converted somehow (maybe by escshellargs?) into code like \xC4\x45

The default signature algorithm is set as default_md = md5 in the conf file and the Signature Algorithm in certs appears to be sha1WithRSAEncryption. This needs to change to sha512. Generally, the  Signature Algorithm needs to be sha512WithRSAEncryption. Investigate how this can be changed and what its implications are, considering the CA key can't be changed at present.