[Pulp-list] pulp certificates
Bryan Kearney
bkearney at redhat.com
Mon Aug 23 16:28:25 UTC 2010
On 08/23/2010 11:40 AM, Jeff Ortel wrote:
>
>
> On 08/23/2010 09:39 AM, Bryan Kearney wrote:
>> On 08/23/2010 10:00 AM, Jeff Ortel wrote:
>>> All,
>>>
>>> I propose we move to combining the private key and certificates into a
>>> single PEM encoded file. This is a very common practice in PKI. It seems
>>> cleaner and would require less files to manage. I verified that having
>>> the key and cert combined in a single file is supported by both yum and
>>> M2Crypto. Moving to the combined file would reduce the number of CLI
>>> arguments and allow us to store (1) certificate property in each Repo
>>> object.
>>>
>>> Thoughts? Objections?
>>>
>>
>> Would you do this across all certs (identity, entitlement, content)?
>
> Yes, I would like to.
>
> Also, we agreed (at one time) to refit RHSM to combine the certificates.
> I still intend to follow up on that as well. That way for kalpana, we'll
> be handling keys and certificates the same way across the board.
>
I am all for it. We have looked at changing puppet to use the identity
certs as well.. I would be interested in testing that first. Could I
have a few days to do that?
-- bk
More information about the Pulp-list
mailing list