[Freeipa-users] Elliptic curves with the CA
mees virk
meesvirk at outlook.com
Mon Sep 16 10:05:48 UTC 2013
Hello all,
Is it possible to setup the FreeIPA's CA use ECC cryptographic methods (ECDSA & co) instead of RSA? That includes generating ECC CA certificates, and so on.
I don't think I was given any option towards this in the default installation process. Would appreciate instructions and/or pointers towards this.
Also, can the default generated RSA CA switched later to ECC/ECDSA?
Why doesn't the CA allow cross-signing (RSA/ECDSA hybrid keychains) certificates? It seems to validate the types, although it is not strictly forbidden as crypthographic practice (mostly just inconvenient, but it's legal). I gave the CA ECC CSR (generated by openSSL on one of the servers), and to my amazement it failed to sign it properly complaining about the type not being RSA.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130916/f9702913/attachment.htm>
More information about the Freeipa-users
mailing list