[Fedora-directory-users] FDS & Red Hat Certificate System
Susan
logastellus at yahoo.com
Wed Mar 29 22:08:26 UTC 2006
--- Mike Jackson <mj at sci.fi> wrote:
> > What's the best way to go about doing this? I don't want to manually create/deploy dozens of
> > certs for various clients. I also need a way to implement CRL somehow, in case a box is
> > comprosmised.
>
> Your clients don't need certificates, they only need a copy of your root
> CA cert - the same file for every client.
right, I think I was confused on that point. I meant to say that I don't want to deploy the CA
cert to dozens of clients. So, forget the CRL, then...
Because we have about 60 servers total. Now, /etc/openldap/cacerts/ is writable by root only and
I'd have to do some serious expect/perl scripting to ssh into every machine, accept the key, su -
root, scp the CA cert, log out. I really don't want to do this if I don't have to.
So, are you saying I can use openSSL + linux openldap client to do this automagically?
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the Fedora-directory-users
mailing list