[Freeipa-users] Use of FreeIPA or FreeIPA LDAP server to hold private keys
Adam Young
ayoung at redhat.com
Wed Aug 3 18:29:22 UTC 2011
On 08/03/2011 01:16 PM, Ian Stokes-Rees wrote:
>
>
> On 8/3/11 12:38 PM, Adam Young wrote:
>> I think what you are interested in is the Data Recovery Manager
>> (DRM...hey, we had the acronym first, but we also call it Key
>> Recovery) aspect of Certificate Server.
>
> That is awesome. That is exactly what I want.
>
> Do you have experience with this? If so, does it work if the
> certificate requests are being handled by an external entity? We use
> a Department of Energy CA located in California, but the users in our
> community are from across the US (and international), and we're
> looking to improve the process of them acquiring a usable "identity"
> in a federated environment. We're using FreeIPA internally, but if we
> can link it in to the cert request process and cert mgmt process (from
> the user end, not the CA end) that would be great.
>
> Ian
Experience? I've been on the Dogtag project for over a week now. I'm
learning about it as we speak.

The place to ask about Dogtag and the pki products is
pki-users at redhat.com
<http://www.redhat.com/mailman/listinfo/pki-users> and the IRC channel
on freenode is #dogtag-pki.

Integrating KRA into IPA is on the map, although I am not sure of the
timeframe. However, I suspect that our approach would be assuming you
wanted your own CA. Not sure if you can do KRA with an external CA.