Hello all,

Is it possible to set up FreeIPA's CA to use ECC cryptographic methods (ECDSA &
co) instead of RSA? That includes generating ECC CA certificates, and so on.

I don't think I was given any option towards this in the default installation
process. Would appreciate instructions and/or pointers towards this.

Also, can the default generated RSA CA be switched later to ECC/ECDSA?

Why doesn't the CA allow cross-signing (RSA/ECDSA hybrid keychains)
certificates? It seems to validate the types, although it is not strictly
forbidden as cryptographic practice (mostly just inconvenient, but it's
legal). I gave the CA an ECC CSR (generated by OpenSSL on one of the servers), and
to my amazement it failed to sign it properly, complaining about the type not
being RSA.

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users