Re: [CentOS] add CA to centos clients

2013-02-17 Thread John R Pierce
On 2/17/2013 11:00 AM, Natxo Asenjo wrote:
> I need to deploy an internal CA to our hosts.

you say a CA, then you talk about PKI, and finally LDAP which is a 
Directory Server.   these things are all interrelated, but remain three 
separate entities.

For a fullblown LDAP directory server, you might want to look at the 389 
project, http://port389.org/wiki/Main_Page ... this is available for 
CentOS6 via the EPEL repository. 389 started as a fork of the old 
Netscape Directory Server.

389 has been integrated with the Dogtag CA system as FreeIPA but I 
believe this is more focused towards being a Windows Active Directory 
replacement.



-- 
john r pierce  37N 122W
somewhere on the middle of the left coast

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] add CA to centos clients

2013-02-17 Thread Natxo Asenjo
On Sun, Feb 17, 2013 at 10:13 PM, John R Pierce pie...@hogranch.com wrote:
> On 2/17/2013 11:00 AM, Natxo Asenjo wrote:
>> I need to deploy an internal CA to our hosts.
>
> you say a CA, then you talk about PKI, and finally LDAP which is a
> Directory Server.   these things are all interrelated, but remain three
> separate entities.

sure, still to use stuff all the apps need to have the right CA cert info.

> For a fullblown LDAP directory server, you might want to look at the 389
> project, http://port389.org/wiki/Main_Page ... this is available for
> CentOS6 via the EPEL repository. 389 started as a fork of the old
> Netscape Directory Server.
>
> 389 has been integrated with the Dogtag CA system as FreeIPA but I
> believe this is more focused towards being a Windows Active Directory
> replacement.

thanks, I think I did not express myself well enough.

We already have a ipa realm for our centos hosts and it indeed has a
built-in CA (dogtag).

The problem is we have other hosts *not* in the realm and they need to
use services with this internal CA. And they need to use them without
warnings about how unsafe this unknown CA is.

So for ldap clients, you drop the ca-cert in a directory and the ldap
tools do not complain. The same goes for java tools,
mozilla/thunderbird, chrome, ...

So the question is: where do you add the CA information in
centos/redhat servers for those kinds of applications?

-- 
natxo


Re: [CentOS] add CA to centos clients

2013-02-17 Thread John R Pierce
On 2/17/2013 2:29 PM, Natxo Asenjo wrote:
> So the question is: where do you add the CA information in
> centos/redhat servers for those kinds of applications?

sadly, just about everywhere.   each application tends to have its own 
store.   apps written in Java (tomcat, etc) can't use the same store as 
something using openssl, for instance, as their SSL libraries are 
implemented differently.

it's a real mess.

-- 
john r pierce  37N 122W
somewhere on the middle of the left coast

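As an added example (not code from this thread, nor from the CentOS or FreeIPA projects), the script below does the "just about everywhere" work one store at a time: the OpenSSL bundle, OpenLDAP's ldap.conf, the Java cacerts keystore, the NSS databases that Firefox, Thunderbird and Chrome use, and the shared anchor directory that later ca-certificates packages (CentOS 6.5 and up, CentOS 7) added so one copy feeds all of them. The CA file path /root/internal-ca.pem (a copy of /etc/ipa/ca.crt from an enrolled host, for instance) and the nickname internal-ca are assumptions; the remaining paths are the stock CentOS 6 locations.

```shell
#!/bin/sh
# Added example (not code from the thread or from the CentOS/FreeIPA
# projects): install one internal CA certificate into the separate trust
# stores a CentOS 6 host keeps, one function per store. File locations are
# the stock CentOS 6 paths; CA_PEM and CA_ALIAS are assumptions.

CA_PEM="${CA_PEM:-/root/internal-ca.pem}"   # assumed: PEM copy of the IPA CA (e.g. /etc/ipa/ca.crt)
CA_ALIAS="${CA_ALIAS:-internal-ca}"          # assumed nickname for keystore entries

# 1. OpenSSL-style bundle, e.g. /etc/pki/tls/certs/ca-bundle.crt (read by curl,
#    wget, php and other OpenSSL users). The first base64 line of the PEM body
#    serves as a cheap identity key so re-running never appends a duplicate.
#    Prints "added" or "present".
add_to_bundle() {
    ca="$1"; bundle="$2"
    key=$(sed -n '2p' "$ca")
    if grep -qxF "$key" "$bundle" 2>/dev/null; then
        echo present
    else
        { printf '# %s\n' "$CA_ALIAS"; cat "$ca"; } >> "$bundle"
        echo added
    fi
}

# 2. The OpenLDAP client library (ldapsearch, nss-pam-ldapd, ...) reads
#    /etc/openldap/ldap.conf; TLS_CACERT is the bundle it verifies servers
#    against. Any TLS_CACERTDIR line is left untouched.
ldap_cacert_value() {
    sed -n 's/^[[:space:]]*TLS_CACERT[[:space:]][[:space:]]*//p' "$1" | tail -n 1
}
set_ldap_cacert() {
    conf="$1"; ca="$2"
    if grep -q '^[[:space:]]*TLS_CACERT[[:space:]]' "$conf" 2>/dev/null; then
        sed "s|^[[:space:]]*TLS_CACERT[[:space:]].*|TLS_CACERT $ca|" "$conf" > "$conf.tmp" \
            && mv "$conf.tmp" "$conf"
    else
        printf 'TLS_CACERT %s\n' "$ca" >> "$conf"
    fi
    ldap_cacert_value "$conf"
}

# 3. Java keeps its own keystore and never looks at the OpenSSL bundle.
#    The path is the stock OpenJDK location on CentOS 6; "changeit" is the
#    JDK's default cacerts password.
add_to_java() {
    ca="$1"; ks="${2:-/usr/lib/jvm/jre/lib/security/cacerts}"
    command -v keytool >/dev/null 2>&1 || { echo "keytool not found, skipping" >&2; return 2; }
    if keytool -list -alias "$CA_ALIAS" -keystore "$ks" -storepass changeit >/dev/null 2>&1; then
        echo present; return 0
    fi
    # -noprompt skips the interactive "Trust this certificate?" question.
    keytool -importcert -noprompt -trustcacerts -alias "$CA_ALIAS" \
        -file "$ca" -keystore "$ks" -storepass changeit
}

# 4. Firefox/Thunderbird profiles and Chrome (~/.pki/nssdb) use NSS databases
#    managed with certutil (nss-tools package). Trust flags "C,," mark the
#    entry as a CA trusted for TLS server certificates only.
add_to_nss() {
    ca="$1"; db="$2"
    command -v certutil >/dev/null 2>&1 || { echo "certutil not found, skipping" >&2; return 2; }
    if certutil -d "$db" -L -n "$CA_ALIAS" >/dev/null 2>&1; then
        echo present; return 0
    fi
    certutil -d "$db" -A -n "$CA_ALIAS" -t "C,," -i "$ca"
}

# 5. Newer ca-certificates (CentOS 6.5 and later, CentOS 7) provide a shared
#    anchor directory: update-ca-trust regenerates the OpenSSL, NSS and
#    Java-format bundles under /etc/pki/ca-trust/extracted from it. On
#    CentOS 6 run "update-ca-trust enable" once so the legacy paths point
#    at those generated bundles.
add_system_anchor() {
    command -v update-ca-trust >/dev/null 2>&1 || return 2
    cp "$1" "/etc/pki/ca-trust/source/anchors/$CA_ALIAS.crt" && update-ca-trust extract
}

install_all() {
    if ! add_system_anchor "$CA_PEM"; then          # older CentOS 6: per-store fallback
        add_to_bundle "$CA_PEM" /etc/pki/tls/certs/ca-bundle.crt
        add_to_java "$CA_PEM"
    fi
    set_ldap_cacert /etc/openldap/ldap.conf /etc/pki/tls/certs/ca-bundle.crt
    add_to_nss "$CA_PEM" "sql:$HOME/.pki/nssdb"
}

if [ "${1:-}" = install ]; then install_all; fi
```

Run it as root with `sh add-ca.sh install`, or source it and call the functions for a single store. The anchor directory is tried first because on a host where `update-ca-trust enable` has been run, ca-bundle.crt is a symlink to the generated bundle and anything appended to it directly is lost at the next extract; per-user NSS databases and ldap.conf are outside that mechanism either way, which is why those two steps always run.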