[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Storing TLS credentials in the directory

On 9 Apr 2017, at 14:24, Howard Chu <hyc@symas.com> wrote:

> Please read the slapo-autoca(5) manpage for more info.

This is exactly how easy I’m envisioning this to be! Brilliant, thanx!

So if I’m understanding this correctly, all you have to do to request
a certificate for a specific object, is to read the “userPrivateKey;binary”
of that RDN?

Now, I know it’s well to early for feature requests :D, but I have a few
questions (and a feature request :):

    1) Why is both certificates (private AND public) in the same attribute?
        I can see the reason to have the public … “public” (with a much
        more relaxed ACL/ACI).

    2) What if I want a new certificate for that RDN?
         Such as the previous one is [about to] expire and it needs to be
         refreshed (preferably (?) without destroying/removing the old one).

    3) Is the CAs _public_ key available as well?
         Same reason as point 1.

    4) If I already have a CA “on premises” and that have created an
        intermediate CA I’d like to use for “autoca”, could this be done?