On Tuesday 25 March 2008, seth vidal wrote: > On Tue, 2008-03-25 at 19:26 -0400, Jeremy Katz wrote: > > On Tue, 2008-03-25 at 18:04 -0500, Dennis Gilmore wrote: > > > So this is a brief overview of whats needed. Im going to open the > > > floor for a week for open discussion on how we should best do this. > > > > I don't have the details, but we should ensure if we're fixing our > > certificate infrastructure that we do it in such a way that the serials > > on our certs are reasonable and that they can be used for things like > > signing mail. We have to have proper serials to be able to revoke certificates so yes that is part of it. > Have we just setup an instance of the certificate server code rh just > released? > > Alternatively (and I probably wouldn't recommend this for user certs) we > could use/hack on certmaster to be able to handle these requests. > > it's definitely returning certs w/proper serials, etc. We have not set anything up yet but dogtag-pki is at pki.fedoraproject.org is the code that RH just released. its something that we should evaluate. Dennis
Description: This is a digitally signed message part.