[Freeipa-devel] certmonger EST RFC7030 support possible ?
Rob Crittenden
rcritten at redhat.com
Fri Jul 29 15:10:28 UTC 2016
Marx, Peter wrote:
> Hi,
>
> we are using certmonger with SCEP. But SCEP does not support Elliptic
> curve keys, only RSA.
>
> The successor protocol EST (Enrollment over Secure Transport) would
> support ECC.
>
> Is a EST helper for certmonger/getcert on the roadmap ?
No. I added a ticket to track it,
https://fedorahosted.org/certmonger/ticket/53
> If yes, when ?
>
> How complicated is it to create such a helper around the Cisco
> open-sourced libest ?
Hard to say without digging into the library. The library was
open-sourced less than 3 weeks ago AFAICT.
Practically this also means someone will need to package it for the
various Linux distributions.
rob
More information about the Freeipa-devel
mailing list