0.7      - Generate both PKCS#12 and JKS stores for Java
         - Local certs keep out of band trust when copied to system certs
         - Remove use of .old files/directories
0.6      - Allow use of proxy with OpenSSL s_client
         - Really check revision before download
         - Make sure download was successful before testing values
0.5      - Install systemd timer and service units
         - Add uninstall and clean targets
0.4      - Add email and code signing flat file certificate stores
0.3      - Generate single file stores (Java and GNUTLS) using main OpenSSL
           store as source to avoid duplicates
0.2      - Install source certdata.txt file
         - Provide -r/--rebuild option
         - Add -g/--get option to download using only s_client
         - Always add REVISION value to installed certdata.txt
         - Use HG revision value (fall back to date for local files)
         - Allow rebuid within DESTDIR
         - Complete manpage
0.1      - Check executable bit for CERTUTIL, KEYTOOL, and OPENSSL
         - Allow global configuration file
         - Use correct license text (MIT)
20170425 - Use p11-kit format anchors
         - Add CKA_NSS_MOZILLA_CA_POLICY attribute for p11-kit anchors
         - Add clientAuth OpenSSL attribute and (currently unused) NSS
           CKA_TRUST_CLIENT_AUTH
20170119 - Show trust bits on local certs
         - Add version output for help2man
20161210 - Add note about --force swich when same version
20161126 - Add -D/--destdir switch
20161124 - Add -f/--force switch to bypass version check
         - Add multiple switches to allow for alternate localtions
         - Add help text
20161118 - Drop make-cert.pl script
         - Add support for Java and NSSDB