[Fedora-directory-users] FDS & Red Hat Certificate System
Susan
logastellus at yahoo.com
Wed Mar 29 21:55:37 UTC 2006
--- Richard Megginson <rmeggins at redhat.com> wrote:
> Susan wrote:
> > Hi, everyone. I think this subject has been briefly raised before but I've more questions.
> >
> > Can RHCS be used to hand out CA certs to Unix clients (linux/solaris)?
> >
> Yes. You go to the RHCS web interface, click "Get CA Cert Chain", and
> you can download or copy/paste the CA cert for use with client apps (or
> importing into your web browser or email program or etc.). This assumes
> you are using RHCS as your CA.

Well, I'm speaking strictly of LDAP clients. Browsers I don't care about.

> > Has anybody done this?
> >
> We used this extensively at Netscape.

To automatically hand out CA certs to LDAP clients upon request?

> > Right now no certs are
> > deployed on the clients, we're using them only for SSL traffic encryption.
> >
> Do you mean client cert auth?

Well, no. We don't care whether the clients misrepresent themselves. We care if the FDS
misrepresents itself.

> CA certs or client certs? For the CA cert problem, AFAIK, there is no
> way around it - you have to configure your clients to trust your CA one
> way or another. You can mitigate this somewhat by going through the
> process of getting a real CA cert from one of the trusted root CAs
> listed in your web browser or email client.

Yeah, but what about LDAP clients? AFAIK no LDAP client implicitly trusts VeriSign or anything like
that. So, even if I do get a real CA cert, will a plain vanilla FC4 install trust it? I'm
guessing no....?
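
What "configure your clients to trust your CA" can look like on an LDAP client, as an added example that is not from the thread: a shell check over an OpenLDAP-style ldap.conf that reports whether the client would insist on a verified server certificate. It assumes the clients use the OpenLDAP client library and its TLS_CACERT, TLS_CACERTDIR and TLS_REQCERT options, none of which the posters mention; the sample configs, hostname and paths are constructed.

```shell
#!/bin/sh
# Audit an OpenLDAP-style ldap.conf for server-certificate verification.
# Return codes: 0 = server cert required and a CA file/dir is named
#               1 = a valid server cert is not required (never/allow/try)
#               2 = verification required, but no readable CA named here
ldap_tls_check() {
    reqcert=demand   # ldap.conf(5): client default when TLS_REQCERT is absent
    cacert=""
    cadir=""
    # Commented-out options ("#TLS_...") never match; this script keeps the
    # last value it sees for each option.
    while read -r key val rest || [ -n "$key" ]; do
        case $(printf '%s' "$key" | tr '[:lower:]' '[:upper:]') in
            TLS_REQCERT)   reqcert=$(printf '%s' "$val" | tr '[:upper:]' '[:lower:]') ;;
            TLS_CACERT)    cacert=$val ;;
            TLS_CACERTDIR) cadir=$val ;;
        esac
    done < "$1"
    case $reqcert in
        demand|hard) ;;
        *) echo "$1: WEAK, TLS_REQCERT $reqcert does not require a valid server cert"
           return 1 ;;
    esac
    # Only existence/readability is checked, not that the file holds a valid cert.
    if [ -n "$cacert" ] && [ -r "$cacert" ]; then
        echo "$1: OK, server cert checked against $cacert"; return 0
    fi
    if [ -n "$cadir" ] && [ -d "$cadir" ]; then
        echo "$1: OK, server cert checked against CAs in $cadir"; return 0
    fi
    echo "$1: NO CA, verification required but no CA file or directory named"
    return 2
}

# Constructed sample configs (hostname and paths are placeholders).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
: > "$tmp/ca.pem"   # stands in for the CA cert exported from the CA
printf 'URI ldaps://ldap.example.com\nTLS_REQCERT never\n' > "$tmp/weak.conf"
printf 'URI ldaps://ldap.example.com\nTLS_CACERT %s\nTLS_REQCERT demand\n' \
    "$tmp/ca.pem" > "$tmp/good.conf"
printf 'URI ldaps://ldap.example.com\n#TLS_CACERT /etc/pki/ca.pem\n' > "$tmp/default.conf"

for f in weak good default; do
    ldap_tls_check "$tmp/$f.conf" || true
done
```

The check reads only the file it is given; it does not look at per-user overrides or at any default trust store the TLS library may load.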