## Server props

- default DN parts: country, state, city, org, OU
- "customizable" flags for DN parts
- flag: use client-to-client
- force cipher, tls-cipher, auth params
- server name
- default certification duration
- default certificate algo

## User props

- username (CN part)
- password
- custom DN parts: country, state, city, org, OU
- email (DN part)
- tags

## User tags

- admin: administrator
- login: can log into the web interface
- issue: can certify own devices (without approval)
- renew: can renew certificates for own devices (without approval)

## Device props

- name (CN part)
- type (icon)
- approved: bool
- expiry

## Device status

- created (approved = NULL): device has been newly created
- requested (approved = false): certificate has been requested (issue or renew)
- issued (approved = true): certificate has been granted (may be expired)

## Permissions

- admin cannot "admin" itself (to prevent self decapitation)
- admin can "edit", "admin" and "create" everything else
- user can "edit" itself and its devices
- user can "create" devices for itself

### User

- edit: change DN parts, password
- admin: add or remove tag, delete, generate password

### Device

- edit: change type, delete, request
- admin: approve
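
The permission rules and the tri-state `approved` field can be exercised together in a small deny-by-default check. This is an added sketch, not code from the project: the names `can`, `request`, `approve` and `STATUS` are hypothetical, and it assumes that "create" is checked against the user who would own the new device, that the admin self-restriction covers only the admin's own user record, and that a repeat request on a pending device changes nothing.

```python
from dataclasses import dataclass, field
from typing import Optional, Union

@dataclass
class User:
    name: str
    tags: set = field(default_factory=set)

@dataclass
class Device:
    name: str
    owner: User
    approved: Optional[bool] = None  # tri-state from "Device status"

STATUS = {None: "created", False: "requested", True: "issued"}

def can(actor: User, action: str, target: Union[User, Device]) -> bool:
    """action is "edit", "admin" or "create"; for "create" the target is
    the user who would own the new device (assumed calling convention)."""
    if action not in ("edit", "admin", "create"):
        return False                  # unknown action: deny by default
    if target is actor:
        # Self: edit and create are allowed, "admin" never is, even for admins.
        return action != "admin"
    if "admin" in actor.tags:
        return True                   # admin: everything else
    if isinstance(target, Device) and target.owner is actor:
        return action == "edit"       # owner may edit own devices only
    return False

def request(actor: User, dev: Device) -> str:
    """Request a certificate ("request" is a device edit action)."""
    if not can(actor, "edit", dev):
        raise PermissionError(f"{actor.name} may not request for {dev.name}")
    if dev.approved is False:
        return STATUS[False]          # already pending: a repeat must not change state
    # First issue needs the "issue" tag, a renewal needs "renew", to skip approval.
    needed = "renew" if dev.approved else "issue"
    dev.approved = dev.owner is actor and needed in actor.tags
    return STATUS[dev.approved]

def approve(actor: User, dev: Device) -> str:
    """Approve a pending request ("approve" is a device admin action)."""
    if not can(actor, "admin", dev) or dev.approved is not False:
        raise PermissionError(f"{actor.name} may not approve {dev.name}")
    dev.approved = True
    return STATUS[dev.approved]
```

The early return for a pending device matters: without it, a user holding "issue" but not "renew" could request a renewal twice and have the second request treated as a first issue.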