Fedora CA Project
Jeremy Katz
katzj at redhat.com
Wed Mar 26 02:16:29 UTC 2008
On Tue, 2008-03-25 at 19:37 -0400, Ricky Zhou wrote:
> On 2008-03-25 06:04:16 PM, Dennis Gilmore wrote:
> > Products to be evaluated:
> >
> > http://pki.fedoraproject.org/wiki/PKI_Main_Page
> > https://www.openca.org/
> > http://ejbca.sourceforge.net/
> > Something custom
> We took a quick look at some of these in IRC, and I'd personally prefer
> something that doesn't use LDAP for storage (since we didn't end up
> going with LDAP for FAS, and it seems like overkill for just the CA).
Even not using LDAP for all of FAS, there's still a lot of things we
could export from the db -> ldap to be more easily used and accessible.
So I wouldn't discount LDAP just because it's not the backing store of
FAS.
> I haven't looked too deeply yet, but I'm currently leaning towards
> something custom. Would certmaster possibly be a good project to work
> on for providing this kind of functionality?
Also, going off and building our own thing feels like it's going to be a
long-term detriment. Some of the bits for proper CRLs and the like are
not trivial and very important to get "right"
Jeremy
More information about the infrastructure
mailing list