Re: Fedora CA Project

On Tue, 2008-03-25 at 19:37 -0400, Ricky Zhou wrote:
> On 2008-03-25 06:04:16 PM, Dennis Gilmore wrote:
> > Products to be evaluated:
> > http://pki.fedoraproject.org/wiki/PKI_Main_Page  
> > https://www.openca.org/
> > http://ejbca.sourceforge.net/
> > Something custom
> We took a quick look at some of these in IRC, and I'd personally prefer
> something that doesn't use LDAP for storage (since we didn't end up
> going with LDAP for FAS, and it seems like overkill for just the CA).  

Even not using LDAP for all of FAS, there's still a lot of things we
could export from the db -> ldap to be more easily used and accessible.
So I wouldn't discount LDAP just because it's not the backing store of

> I haven't looked too deeply yet, but I'm currently leaning towards
> something custom.  Would certmaster possibly be a good project to work
> on for providing this kind of functionality?  

Also, going off and building our own thing feels like it's going to be a
long-term detriment.  Some of the bits for proper CRLs and the like are
not trivial and very important to get "right".


