[Freeipa-devel] cert-find design

Rob Crittenden rcritten at redhat.com
Thu Nov 15 14:54:25 UTC 2012


Simo Sorce wrote:
> On Wed, 2012-11-14 at 17:36 -0500, Rob Crittenden wrote:
>> There is currently no way to search for a certificate. You can only look
>> it up if you already know the serial number.
>>
>> Dogtag 10 has a fresh API which makes searching very easy. I've started
>> designing a search interface here: http://freeipa.org/page/Cert_find
>>
>> Comments welcome.
>
> Can you move it under V3/? That's where we agreed to put new designs for
> the v3 series.

Fixed.

>
>> I was able to create a proof-of-concept (minus date options) using this
>> API in about 90 minutes.
>
> Great!
>
> Question, how is authentication done?
> Or is this all public information that can be freely obtained
> anonymously?
> Or will we provide access control in the IPA API and let the dogtag REST
> interface be available only on localhost?

IMHO issued certificates are public, no point in adding a 
role/permissions to protect the search of them.

The dogtag port is 8080 for this which I believe one doesn't need to 
open in the firewall, so only authenticated IPA users would have access.

rob



