Marx, Peter wrote:

we are using certmonger with SCEP. But SCEP does not support Elliptic
curve keys, only RSA.

The successor protocol EST (Enrollment over Secure Transport) would
support ECC.

Is a EST helper for certmonger/getcert on the roadmap ?

No. I added a ticket to track it,

If yes, when ?

How complicated is it to create such a helper around the Cisco
open-sourced libest ?

Hard to say without digging into the library. The library was open-sourced less than 3 weeks ago AFAICT.

Practically this also means someone will need to package it for the various Linux distributions.


Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA:

Reply via email to