securing FAS certs

Toshio Kuratomi a.badger at
Thu Aug 21 18:44:41 UTC 2008

Hey bright idea bringers!

The Fedora Certificates issued by FAS are currently set to be 
autogenerated if you have an account in FAS.  This has one drawback.  We 
have to keep the password for the CA keys that sign the FAS certificates 
in a file on the filesystem so that the automatic signing can use them.

Has anyone else had to confront this problem?  Right now I'm thinking of 
coding something that involves human interaction to sign the certs and 
send email notifying people when their cert is ready to download. 
That's certainly doable, but introduces a wait time that isn't in the 
current design.  I'd love input on better ways to do this.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Fedora-infrastructure-list mailing list