On Tuesday 25 March 2008, seth vidal wrote:
On Tue, 2008-03-25 at 19:26 -0400, Jeremy Katz wrote:
> On Tue, 2008-03-25 at 18:04 -0500, Dennis Gilmore wrote:
> > So this is a brief overview of whats needed. Im going to open the
> > floor for a week for open discussion on how we should best do this.
>
> I don't have the details[1], but we should ensure if we're fixing our
> certificate infrastructure that we do it in such a way that the serials
> on our certs are reasonable and that they can be used for things like
> signing mail.
We have to have proper serials to be able to revoke certificates
so yes that
is part of it.
Have we just setup an instance of the certificate server code rh
just
released?
Alternatively (and I probably wouldn't recommend this for user certs) we
could use/hack on certmaster to be able to handle these requests.
it's definitely returning certs w/proper serials, etc.
We have not set anything
up yet but dogtag-pki is at
pki.fedoraproject.org
is the code that RH just released. its something that we should evaluate.
Dennis