[Freeipa-users] Use of FreeIPA or FreeIPA LDAP server to hold private keys

Ian Stokes-Rees ijstokes at hkl.hms.harvard.edu
Wed Aug 3 17:16:28 UTC 2011



On 8/3/11 12:38 PM, Adam Young wrote:
> I think what you are interested in is the Data Recovery Manager
> (DRM...hey, we had the acronym first, but we also call it Key
> Recovery) aspect of Certificate Server.

That is awesome.  That is exactly what I want.

Do you have experience with this?  If so, does it work if the
certificate requests are being handled by an external entity?  We use a
Department of Energy CA located in California, but the users in our
community are from across the US (and international), and we're looking
to improve the process of them acquiring a usable "identity" in a
federated environment.  We're using FreeIPA internally, but if we can
link it in to the cert request process and cert mgmt process (from the
user end, not the CA end) that would be great.

Ian