[Pki-users] keygen support in RA
Andrew Wnuk
awnuk at redhat.com
Wed Jun 8 23:43:06 UTC 2011
On 06/08/2011 04:22 PM, Mike Helm wrote:
> No we haven't but thanks for that tip - will definitely look into this.
>
> My_guess_ at this point is that the platform can't generate the keys,
> it needs to get them from somewhere else. Having never used SCEP I don't
> know if the ipad platform can use a bare key pair to craft a signed SCEP
> request or not. Otherwise, I read the page as discussing various methods the ipad
> can use to download a certificate from a smarter one - like your Mac laptop.
> However, the page doesn't seem to distinguish the private key handling from
> cert handling, so....
>
> Hand-me-down certificates fit our working scenarios today but we'll soon have customers that
> want to conduct these transactions directly on their mobile platform. I think that'll
> mean we have to have a key pair generator or some other trusted service.
>
> Thanks, ==mwh
Here is an interesting quote from above pdf file:
/... iPad generates a certificate enrollment request using the
SCEP protocol. This SCEP enrollment request talks directly to the
enterprise certificate
authority and enables iPad to receive the identity certificate from
the certificate authority
in response. ...
/
which means that follows SCEP (included in Dogtag) and general PKI rules.
Thank you,
Andrew
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20110608/2d0f793d/attachment.htm>
More information about the Pki-users
mailing list