Simo Sorce wrote:
On Wed, 2012-11-14 at 17:36 -0500, Rob Crittenden wrote:
There is currently no way to search for a certificate. You can only look
it up if you already know the serial number.

Dogtag 10 has a fresh API which makes searching very easy. I've started
designing a search interface here:

Comments welcome.

Can you move it under V3/? That's where we agreed to put new designs for
the v3 series.


I was able to create a proof-of-concept (minus date options) using this
API in about 90 minutes.


Question, how is authentication done?
Or is this all public information that can be freely obtained
anonymously?
Or will we provide access control in the IPA API and let the dogtag REST
interface be available only on localhost?

IMHO issued certificates are public, no point in adding a role/permissions to protect the search of them.

The dogtag port is 8080 for this which I believe one doesn't need to open in the firewall, so only authenticated IPA users would have access.


