[Pki-users] Usage Clarification

Nathanael D. Noblet nathanael at gnat.ca
Thu Jan 19 18:26:57 UTC 2012


Hello,

   So I'm rather new to pki-dogtag. I've installed it on a VM to try out 
since we are developing a product that requires a number of certificates 
but none of them need to be signed by a trusted browser CA like verisign.

   We currently are using puppet and func which generate their own 
certificate requests and get signed by a system that has generated its own 
certificate. We are also looking at issuing certificates for systems 
like yum to retrieve updates from servers which would also check for 
client certificates etc.

   This brings me to my two questions.

#1 - Given the above, is Dogtag able to deal with these certificates? (I 
am so far under the impression that indeed it can.)

#2 - How does one request a certificate from the installed pki-ca?

Reading http://tinyurl.com/7vujpqa [1] implies that the system/person 
requesting a certificate would submit some form of authentication, 
whether this be LDAP, PIN-based or certificate-based. Can I not simply 
have the certificate manager tell me of pending certificate requests? I 
don't expect any device to request a certificate without me knowing it 
needs one and initiating the process somehow, so the added authentication 
seems unneeded in my case.

At the moment I'm used to puppet or func, where you have a puppetca function 
that can tell me the certificate signing requests pending approval. Is 
this workflow fundamentally different than dogtag?



[1] http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/7.3/html/Administration_Guide/Administration_Guide-Certificate_Manager.html

-- 
Nathanael d. Noblet
t 403.875.4613



