Fedora CA Project
Dennis Gilmore
dennis at ausil.us
Tue Mar 25 23:41:14 UTC 2008
On Tuesday 25 March 2008, seth vidal wrote:
> On Tue, 2008-03-25 at 19:26 -0400, Jeremy Katz wrote:
> > On Tue, 2008-03-25 at 18:04 -0500, Dennis Gilmore wrote:
> > > So this is a brief overview of whats needed. Im going to open the
> > > floor for a week for open discussion on how we should best do this.
> >
> > I don't have the details[1], but we should ensure if we're fixing our
> > certificate infrastructure that we do it in such a way that the serials
> > on our certs are reasonable and that they can be used for things like
> > signing mail.
We have to have proper serials to be able to revoke certificates so yes that
is part of it.
> Have we just setup an instance of the certificate server code rh just
> released?
>
> Alternatively (and I probably wouldn't recommend this for user certs) we
> could use/hack on certmaster to be able to handle these requests.
>
> it's definitely returning certs w/proper serials, etc.
We have not set anything up yet but dogtag-pki is at pki.fedoraproject.org
is the code that RH just released. its something that we should evaluate.
Dennis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20080325/5bb75909/attachment.bin
More information about the infrastructure
mailing list