Re: Fedora CA Project

On 2008-03-25 06:04:16 PM, Dennis Gilmore wrote:
> Products to be evaluated:
> http://pki.fedoraproject.org/wiki/PKI_Main_Page  
> https://www.openca.org/
> http://ejbca.sourceforge.net/
> Something custom
We took a quick look at some of these in IRC, and I'd personally prefer
something that doesn't use LDAP for storage (since we didn't end up
going with LDAP for FAS, and it seems like overkill for just the CA).  

I haven't looked too deeply yet, but I'm currently leaning towards
something custom.  Would certmaster possibly be a good project to work
on for providing this kind of functionality?  

> FAS will need modification to work with the new framework.  I also want to
> allow fedora-packager-setup to grab the cert directly rather than having the
> user manually do it.  Probably with a flag for when to get a new cert.
Would you want to request this directly from the CA, or would that not
be exposed (and it would all communicate through FAS)?  If you want to
go through FAS, I have something that should work starting from the next
releases of python-fedora and FAS (and it'd just stay the same once
we've modified FAS to talk to an external CA).


