On 04.09.2014 at 17:20, Pawel Tomulik wrote:
> Noobs question,
>
> what secret method should I use for the vault private keys in my realms?
> For each realm I have a group of users (authenticated against LDAP) who
> should be able to easily issue CSRs (for personal certs). It looks like
> I don't fully understand the purpose of vault cert/key.
>

The vault key is used to encrypt "internal" data that is sensitive and should not be exposed to, e.g., the database admin. Such data is, for example, the password that is used to ship a server-generated key to the user. I would NOT recommend using a plain password, as anybody with access to the server might be able to extract private keys from the workflows (only while they are in certain states), but it would be fine if you use the same password group as for the signature token.

Oliver

--
Protect your environment - close windows and adopt a penguin!
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
