On 08/03/2011 01:16 PM, Ian Stokes-Rees wrote:
Experience? I've been on the Dogtag project for over a week now. I'm
learning about it as we speak.
On 8/3/11 12:38 PM, Adam Young wrote:
I think what you are interested in is the Data Recovery Manager
(DRM...hey, we had the acronym first, but we also call it Key
Recovery ) aspect of Certificate Server.
That is awesome. That is exactly what I want.
Do you have experience with this? If so, does it work if the
certificate requests are being handled by an external entity? We use
a Department of Energy CA located in California, but the users in our
community are from across the US (and international), and we're
looking to improve the process of them acquiring a usable "identity"
in a federated environment. We're using FreeIPA internally, but if we
can link it in to the cert request process and cert mgmt process (from
the user end, not the CA end) that would be great.
The place to ask about Dogtag and the pki products is
<http://www.redhat.com/mailman/listinfo/pki-users> and the IRC Channel
on freednode is *#dogtag-pki.
*Integrating KRA into IPA is on the map, although I am not sure the
timeframe. However, I suspect that our approach would be assuming you
wanted your own CA. Not sure if you can do KRA with**an external CA.*
Freeipa-users mailing list