Fedora CA Project
Ricky Zhou
ricky at fedoraproject.org
Tue Mar 25 23:37:37 UTC 2008
On 2008-03-25 06:04:16 PM, Dennis Gilmore wrote:
> Products to be evaluated:
>
> http://pki.fedoraproject.org/wiki/PKI_Main_Page
> https://www.openca.org/
> http://ejbca.sourceforge.net/
> Something custom
We took a quick look at some of these in IRC, and I'd personally prefer
something that doesn't use LDAP for storage (since we didn't end up
going with LDAP for FAS, and it seems like overkill for just the CA).
I haven't looked too deeply yet, but I'm currently leaning towards
something custom. Would certmaster possibly be a good project to work
on for providing this kind of functionality?
> FAS will need modification to work with the new framework. I also want to
> allow fedora-packager-setup to grab the cert directly rather than having the
> user manually do it. probably with a flag for when to get a new cert.
Would you want to request this directly from the CA, or would that not
be exposed (and it would all communicate through FAS?) If you want to
go through FAS, I have something that should work starting from the next
releases of python-fedora and FAS (and it'd just stay the same once
we've modified FAS to talk to an external CA).
Thanks,
Ricky
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20080325/e9add937/attachment.bin
More information about the infrastructure
mailing list