Simo Sorce wrote:
On Wed, 2012-11-14 at 17:36 -0500, Rob Crittenden wrote:
There is currently no way to search for a certificate. You can only look
it up if you already know the serial number.
Dogtag 10 has a fresh API which makes searching very easy. I've started
designing a search interface here: http://freeipa.org/page/Cert_find

Can you move it under V3/? That's where we agreed to put new designs for
the v3 series.

I was able to create a proof-of-concept (minus date options) using this
API in about 90 minutes.

Question, how is authentication done?
Or is this all public information that can be freely obtained?
Or will we provide access control in the IPA API and let the dogtag REST
interface be available only on localhost?

IMHO issued certificates are public, no point in adding a
role/permissions to protect the search of them.
The dogtag port is 8080 for this which I believe one doesn't need to
open in the firewall, so only authenticated IPA users would have access.
Freeipa-devel mailing list