
Re: Storing TLS credentials in the directory



On 9 Apr 2017, at 14:24, Howard Chu <hyc@symas.com> wrote:

> Please read the slapo-autoca(5) manpage for more info.

This is exactly how easy I’m envisioning this to be! Brilliant, thanx!

So if I’m understanding this correctly, all you have to do to request
a certificate for a specific object, is to read the “userPrivateKey;binary”
of that RDN?

Now, I know it’s well too early for feature requests :D, but I have a few
questions (and a feature request :):

    1) Why are both certificates (private AND public) in the same attribute?
        I can see the reason to have the public … “public” (with a much
        more relaxed ACL/ACI).

    2) What if I want a new certificate for that RDN?
         Such as the previous one is [about to] expire and it needs to be
         refreshed (preferably (?) without destroying/removing the old one).

    3) Is the CA’s _public_ key available as well?
         Same reason as point 1.

    4) If I already have a CA “on premises” and that has created an
        intermediate CA I’d like to use for “autoca”, could this be done?