#466 Cert system rebuild

Created 9 years ago by mmcgrath
Modified a year ago

Time to rebuild the cert system. We need to get FAS to generate based off of serial number. WE need the other apps to realize when a cert is not valid and we need an easy way to revoke certs.

Bouncing to F-12. need to work with dogtag to get into fedora.

a proposed F-13 feature is dogtag. re-targeting

Any news here? Is this still on the radar? Or no longer?

This has been dormant for at least 4 years, does it still apply or can we close it ?

It's still pending. We are still using the old system bolted on to fas, and we want to move to something better. So yes, it still pending.

So, the user visible part of this is going to be replaced with FreeIPA/Kerberos tickets instead of certs. We already have this working in staging. There's some cert use left, but it's all internal and can use a easyrsa setup.

I'm going to close this now.

Login to comment on this ticket.