<html>
<head>
<meta content="text/html; charset=ISO-2022-JP"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 10/04/2013 02:06 PM, Nathan Kinder wrote:
<blockquote cite="mid:524F03C3.4080209@redhat.com" type="cite">
<meta content="text/html; charset=ISO-2022-JP"
http-equiv="Content-Type">
<div class="moz-cite-prefix">On 10/04/2013 10:44 AM, Dmitri Pal
wrote:<br>
</div>
<blockquote cite="mid:524EFE64.3090803@redhat.com" type="cite">
<meta content="text/html; charset=ISO-2022-JP"
http-equiv="Content-Type">
On 10/04/2013 12:12 PM, Oleg Antonenko wrote:
<blockquote
cite="mid:34A5A0661B86944184C25952A4F1699086920502@Exchange-AMS.adaptivemobile.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-2022-JP">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"MS Gothic";
panose-1:2 11 6 9 7 2 5 8 2 4;}
@font-face
{font-family:"MS Gothic";
panose-1:2 11 6 9 7 2 5 8 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:"\@MS Gothic";
panose-1:2 11 6 9 7 2 5 8 2 4;}
@font-face
{font-family:"MS PGothic";
panose-1:2 11 6 0 7 2 5 8 2 4;}
@font-face
{font-family:"\@MS PGothic";
panose-1:2 11 6 0 7 2 5 8 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"MS PGothic","sans-serif";
color:black;
mso-fareast-language:JA;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"MS Gothic";
color:black;
mso-fareast-language:JA;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
color:black;
mso-fareast-language:JA;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"MS PGothic","sans-serif";
color:black;
mso-fareast-language:JA;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;
mso-fareast-language:JA;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";
color:black;
mso-fareast-language:JA;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle23
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle24
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1229000132;
mso-list-type:hybrid;
mso-list-template-ids:470041860 -2069329846 403243011 403243013 403243009 403243011 403243013 403243009 403243011 403243013;}
@list l0:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:20.25pt;
text-indent:-18.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-font-family:Calibri;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:56.25pt;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:92.25pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:128.25pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:164.25pt;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:200.25pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:236.25pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:272.25pt;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:308.25pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:1710646539;
mso-list-type:hybrid;
mso-list-template-ids:735456354 403243009 403243011 403243013 403243009 403243011 403243013 403243009 403243011 403243013;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif][if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">That’s
all clear now, thank you Dmitri!<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Regarding
our wish list </span><span
style="font-size:11.0pt;font-family:Wingdings;color:#1F497D">J</span><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Basically
we just have evaluated ejbCA, so we want something
similar but without EJB and heavy weight app server…
i.e. -<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent: -18pt;"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:Symbol;color:#1F497D"><span
style="mso-list:Ignore">·<span style="font:7.0pt
"Times New Roman""> </span></span></span><!--[endif]--><span
style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color:
rgb(31, 73, 125);">UI for managing certs</span></p>
</div>
</blockquote>
<br>
Can you define workflows and actors?<br>
Who does what when to the certs?<br>
Are certs associated to users or to devices?<br>
Do you track devices in the CA or somewhere else? <br>
Are users enterprise users (belong to one company) or internet
users (any user from the street)?<br>
<br>
<blockquote
cite="mid:34A5A0661B86944184C25952A4F1699086920502@Exchange-AMS.adaptivemobile.com"
type="cite">
<div class="WordSection1">
<p class="MsoListParagraph"
style="text-indent:-18.0pt;mso-list:l1 level1 lfo3"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent: -18pt;"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:Symbol;color:#1F497D"><span
style="mso-list:Ignore">·<span style="font:7.0pt
"Times New Roman""> </span></span></span><!--[endif]--><span
style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color:
rgb(31, 73, 125);">Support SCEP & OCSP</span></p>
</div>
</blockquote>
<br>
Dogtag supports both. First as a protocol the second one is the
component that can be installed and turned on. <br>
For SCEP do you actually need a SCEP client ? What do you use a
SEP client?<br>
Are there any specific features of the SCEP protocol that are
required that are currently natively not supported by the Dogtag
CA?<br>
<br>
<blockquote
cite="mid:34A5A0661B86944184C25952A4F1699086920502@Exchange-AMS.adaptivemobile.com"
type="cite">
<div class="WordSection1">
<p class="MsoListParagraph"
style="text-indent:-18.0pt;mso-list:l1 level1 lfo3"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent: -18pt;"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:Symbol;color:#1F497D"><span
style="mso-list:Ignore">·<span style="font:7.0pt
"Times New Roman""> </span></span></span><!--[endif]--><span
style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color:
rgb(31, 73, 125);">API for issuing and revoking certs
(cert-based request auth is preferrable) – as we want to
integrate out product for revoking certs</span></p>
</div>
</blockquote>
<br>
The product can be given a keytab and authenticate kerberos to
the IPA. It is very simple and would be easier to accomplish.<br>
API for managing serts for hosts and services already available
in IPA so the question is what the certs are associated with is
very important. <br>
Also certmonger can be used for fetching certs and storing them
in the files or DBs you need.<br>
Are you aware of certmonger?<br>
It can be effectively a whole alternative solution. From your
portal you call Certmonger on the local system via CLI or D-BUS
interface and it gets a cert for you.<br>
But I need to understand the workflow better. If you generate he
PKI pair on you portal and deliver them to a device it is a
perfect solution. If you use client side software on the mobile
platform to send the signing request then it is a different
workflow and you need to send such request to CA.<br>
<br>
<blockquote
cite="mid:34A5A0661B86944184C25952A4F1699086920502@Exchange-AMS.adaptivemobile.com"
type="cite">
<div class="WordSection1">
<p class="MsoListParagraph"
style="text-indent:-18.0pt;mso-list:l1 level1 lfo3"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent: -18pt;"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:Symbol;color:#1F497D"><span
style="mso-list:Ignore">·<span style="font:7.0pt
"Times New Roman""> </span></span></span><!--[endif]--><span
style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color:
rgb(31, 73, 125);">Desirable - Export a key store
(including cert) as PKCS#12, PEM (for manual deployment
of certs on e.g. SSL servers).</span></p>
</div>
</blockquote>
<br>
When and where? During issuance or ability to later export it
from the back end store?<br>
<br>
<blockquote
cite="mid:34A5A0661B86944184C25952A4F1699086920502@Exchange-AMS.adaptivemobile.com"
type="cite">
<div class="WordSection1">
<p class="MsoListParagraph"
style="text-indent:-18.0pt;mso-list:l1 level1 lfo3"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt;
font-family: "Calibri","sans-serif";
color: rgb(31, 73, 125);">As mentioned earlier we are
planning to use a CA for issuing and delivering certs to
mobile devices via SCEP.</span></p>
</div>
</blockquote>
<br>
I am sorry I am not familiar with the details of the workflow in
this case.<br>
Can you describe the chain of communication between mobile
device, your portal and CA and what protocols used where?<br>
</blockquote>
iOS devices uses SCEP to enroll for certificates. The basic flow
is that you have a "Profile Server", which is responsible for
delivering a XML profile onto the authenticated iOS device. This
XML profile contains details on how the iOS device should contact
the CA via SCEP. When the profile is installed, the SCEP request
is made and the returned certificate is installed. There is a
good visual workflow of this process in this document:<br>
<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://developer.apple.com/library/ios/documentation/networkinginternet/conceptual/iphoneotaconfiguration/OTASecurity/OTASecurity.html#//apple_ref/doc/uid/TP40009505-CH3-SW1">https://developer.apple.com/library/ios/documentation/networkinginternet/conceptual/iphoneotaconfiguration/OTASecurity/OTASecurity.html#//apple_ref/doc/uid/TP40009505-CH3-SW1</a>
<br>
<br>
</blockquote>
<br>
This is very helpful.<br>
So it seems that IPA CA might be used for this as is. The certs
would just not be associeted with any specific entry and leave in
the CA storage.<br>
Do I get it right?<br>
<br>
The trick might be to add additional profile to IPA CA after IPA
installation and use that profile instead of the default one in SCEP
requests.<br>
<br>
Since with Dogtag 10 you have REST API and CLI to add and manage
those profiles and the data is sort of orthogonal to IPA data I do
not see a reason why portal can't integrate those and use them
directly.<br>
<br>
<br>
<blockquote cite="mid:524F03C3.4080209@redhat.com" type="cite"> -NGK<br>
<blockquote cite="mid:524EFE64.3090803@redhat.com" type="cite"> <br>
<blockquote
cite="mid:34A5A0661B86944184C25952A4F1699086920502@Exchange-AMS.adaptivemobile.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">So
far we managed to issue certs for iphones via SCEP in
ejbCA and Dogtag (pki-ca 9.0.3-30 package).<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt;
font-family: "Calibri","sans-serif";
color: rgb(31, 73, 125);">Dogtag wins provided we can
carry on using standalone CA services in the future for
free as a part of RHEL IPA…</span></p>
</div>
</blockquote>
<br>
Yes this is a clear winner keeping in mind that we had some
distant plans about the use case you are describing.
Unfortunately we were not able to get a good understanding of
the details of the use case in the past thus so many questions.
Sorry.<br>
<br>
<br>
Thanks<br>
Dmitri<br>
<br>
<blockquote
cite="mid:34A5A0661B86944184C25952A4F1699086920502@Exchange-AMS.adaptivemobile.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Oleg<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"
lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"
lang="EN-US"> Dmitri Pal [<a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="mailto:dpal@redhat.com">mailto:dpal@redhat.com</a>]
<br>
<b>Sent:</b> 04 October 2013 16:54<br>
<b>To:</b> Oleg Antonenko<br>
<b>Cc:</b> Nathan Kinder (<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:nkinder@redhat.com">nkinder@redhat.com</a>);
Ciaran Bradley; <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:pki-users@redhat.com">pki-users@redhat.com</a><br>
<b>Subject:</b> Re: [Pki-users] will the new version
of RHCS support RHEL6?<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">On 10/04/2013 11:48 AM, Oleg Antonenko
wrote: <o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Hi
Dmitri, Nathan,</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Thank
you for speedy responses.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Could
you please confirm my understanding?</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoListParagraph"
style="margin-left:20.25pt;text-indent:-18.0pt"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">RHCS
is going to be shipped as a part of RHEL7.x in the
foreseeable future; </span><o:p></o:p></p>
<p class="MsoNormal"><br>
It is not "a part" it is a stand alone product and not
free.<br>
<br>
<br>
<o:p></o:p></p>
<p class="MsoListParagraph"
style="margin-left:20.25pt;text-indent:-18.0pt"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">IPA
is a free part of RHEL 6.x and will remain as such in
the foreseeable future;</span><o:p></o:p></p>
<p class="MsoNormal"><br>
Correct and same is true for RHEL7.x<br>
<br>
<br>
<o:p></o:p></p>
<p class="MsoListParagraph"
style="margin-left:20.25pt;text-indent:-18.0pt"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">RHEL
6.x does not ship RHCS, but includes only pki-ca
packages in order to support IPA.</span><o:p></o:p></p>
<p class="MsoNormal"><br>
Correct<br>
<br>
<br>
<o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Could
you also clarify your point here ?</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><i>The CA portion in RHEL is not
supported by Red Hat for standalone use </i><b><i><span
style="color:red">without an entitlement for the
rest of RHCS</span></i></b><i>, which isn't
available on RHEL 6</i><o:p></o:p></p>
<p class="MsoNormal"><br>
RHCS is a layered product and can be acquired separately.<br>
We do not ship a version of RHCS on top of RHEL6. It is a
big product and takes a lot of time to deliver.<br>
We decided to skip a major RHEL version.<br>
<br>
<br>
<o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Does
it mean RHCS is not free?</span><o:p></o:p></p>
<p class="MsoNormal"><br>
Correct.<br>
<br>
<o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Regarding
this -</span><o:p></o:p></p>
<p class="MsoNormal"><i>We would be actually very interested
if we can support this use case with core IPA.<br>
Would you be interested in a conversation about this?<br>
<br>
<br>
</i><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Yes,
we’d love to.</span><o:p></o:p></p>
<p class="MsoNormal"><br>
Ok let us have one.<br>
I am sorry, I have not been following the whole thread,
just this mail caught my eye so what kind of functionality
we are looking for?<br>
Can you formulate a "wish list" for your use case assuming
the CA is a part of IPA?<br>
<br>
<br>
<br>
<o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Many
thanks,</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Oleg</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"
lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"
lang="EN-US"> <a moz-do-not-send="true"
href="mailto:pki-users-bounces@redhat.com">pki-users-bounces@redhat.com</a>
[<a moz-do-not-send="true"
href="mailto:pki-users-bounces@redhat.com">mailto:pki-users-bounces@redhat.com</a>]
<b>On Behalf Of </b>Dmitri Pal<br>
<b>Sent:</b> 04 October 2013 16:21<br>
<b>To:</b> <a moz-do-not-send="true"
href="mailto:pki-users@redhat.com">pki-users@redhat.com</a><br>
<b>Subject:</b> Re: [Pki-users] will the new version
of RHCS support RHEL6?</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">On 10/04/2013 11:08 AM, Oleg Antonenko
wrote: <o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Hi
Nathan,</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Could
you please shed some light on the future plans for the
pki-ca portion of RHEL?</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Will
it be included in the standard RHEL distribution in the
future?</span><o:p></o:p></p>
<p class="MsoNormal"><br>
Dogtag 10+ will become a RHSC product on top of RHEL7.x <br>
<br>
Some of its portions will be gradually included into IPA
that comes for free with RHEL.<br>
IMO full blown IPA is not that "full blown" in this case.<br>
<br>
We would be actually very interested if we can support
this use case with core IPA.<br>
Would you be interested in a conversation about this?<br>
<br>
Thanks<br>
Dmitri<br>
<br>
<br>
<br>
<o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I’m
asking because we’re planning to use the CA bit only for
issuing certificates to mobile devices via SCEP. We do
not require any other services or the full blown IPA…</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">With
thanks,</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Oleg</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"
lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"
lang="EN-US"> <a moz-do-not-send="true"
href="mailto:pki-users-bounces@redhat.com">pki-users-bounces@redhat.com</a>
[<a moz-do-not-send="true"
href="mailto:pki-users-bounces@redhat.com">mailto:pki-users-bounces@redhat.com</a>]
<b>On Behalf Of </b>Nathan Kinder<br>
<b>Sent:</b> 27 September 2013 20:03<br>
<b>To:</b> <a moz-do-not-send="true"
href="mailto:pki-users@redhat.com">pki-users@redhat.com</a><br>
<b>Subject:</b> Re: [Pki-users] will the new version
of RHCS support RHEL6?</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On 09/26/2013 10:25 PM, <span
lang="JA">安 泱</span> wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Hi all,<br>
<br>
I'm a beginner of the dogtag certificate system, dogtag<span
lang="JA">(</span>RHCS<span lang="JA">)</span>is a
wonderful project, but I'm confused about RHCS, could
you give any help?<br>
<br>
The latest version of RHCS is 8.1, which is based on
dogtag 8.1, it supports RHEL5.8, and in RHEL6, pki-ca
9.0.3 was included without the other 5 subsystems, could
you show me the consideration why RHCS do not support
RHEL6? <br>
Is RHEL6 not secure enough or some other reasons<span
lang="JA">?</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal">It was simply not a targeted platform
(nor are there plans to release it there). The pki-ca
portion is included for use by IdM (based on the FreeIPA
project).<br>
<br>
Thanks,<br>
-NGK<br>
<br>
<br>
<br>
<o:p></o:p></p>
<p class="MsoNormal"><br>
Regards.<br>
An Yang<br>
<br>
<br>
<br>
<br>
<br>
<o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Pki-users mailing list<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:Pki-users@redhat.com">Pki-users@redhat.com</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="https://www.redhat.com/mailman/listinfo/pki-users">https://www.redhat.com/mailman/listinfo/pki-users</a><o:p></o:p></pre>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><br>
<br>
<br>
<br>
<o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Pki-users mailing list<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:Pki-users@redhat.com">Pki-users@redhat.com</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="https://www.redhat.com/mailman/listinfo/pki-users">https://www.redhat.com/mailman/listinfo/pki-users</a><o:p></o:p></pre>
<p class="MsoNormal"><br>
<br>
<br>
<br>
<o:p></o:p></p>
<pre>-- <o:p></o:p></pre>
<pre>Thank you,<o:p></o:p></pre>
<pre>Dmitri Pal<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Sr. Engineering Manager for IdM portfolio<o:p></o:p></pre>
<pre>Red Hat Inc.<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>-------------------------------<o:p></o:p></pre>
<pre>Looking to carve out IT costs?<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a><o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<p class="MsoNormal"><br>
<br>
<br>
<o:p></o:p></p>
<pre>-- <o:p></o:p></pre>
<pre>Thank you,<o:p></o:p></pre>
<pre>Dmitri Pal<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Sr. Engineering Manager for IdM portfolio<o:p></o:p></pre>
<pre>Red Hat Inc.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre><o:p> </o:p></pre>
<pre>-------------------------------<o:p></o:p></pre>
<pre>Looking to carve out IT costs?<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a><o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre><o:p> </o:p></pre>
</div>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a>
</pre>
</blockquote>
<br>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a>
</pre>
</body>
</html>