[Pki-devel] Dogtag
Matthew Harmsen
mharmsen at redhat.com
Thu Jun 14 00:20:36 UTC 2012
On 06/13/12 15:02, Bob St. Clair wrote:
> All,
>
> Is this internal only?
>
No - pki-devel is a public mailing list
> I have a customer that wants to use smart cards in their own linux
> environment. They will need to issue their own certs on their smart
> cards.
>
> Since certificate system has certain requirements... Can a customer
> use Fedora dogtag in a RHEL 6.2 IDM environment? It would not be
> supported, but would it work?
>
A non-GUI set of Dogtag 9 "pki-core" packages (including "pki-ca") are
part of the RHEL 6 release as used by IPA, but they are not intended to
be used as a stand-alone certificate system.
We don't presently supply EPEL packages for the Dogtag GUI nor any of
the other PKI subsystems for RHEL 6, nor are we likely to for the
foreseeable future.
A customer would simply need to install any additional packages and see
if they work; they would need to replace the "ipa-theme" non-GUI
packages with "dogtag-theme" GUI packages, and add the Fedora versions
of "pki-kra", "pki-ocsp", "pki-tks", "pki-console", "pki-ra", and/or
"pki-tps" packages as needed to support the other PKI subsystems.
There might be an issue if the customer attempted to use some of the
Fedora "pki-core" packages such as "pki-selinux" as these may be based
upon a version of SELinux that is newer in Fedora. Less likely, although
possible, the "pki-tps" compiled for certain versions of Fedora could be
non-compatible with the RHEL 6 platform.
I do not know if replacement of the non-GUI packages with GUI packages
would disable the customer's ability to utilize IPA on their RHEL 6
installation (I would not think so, but I have never tried it).
-- Matt
> Thanks,
> Bob
>
More information about the Pki-devel
mailing list