Re: Storing TLS credentials in the directory
On 9 Apr 2017, at 14:24, Howard Chu <firstname.lastname@example.org> wrote:
> Please read the slapo-autoca(5) manpage for more info.
This is exactly how easy I’m envisioning this to be! Brilliant, thanx!
So if I’m understanding this correctly, all you have to do to request
a certificate for a specific object, is to read the “userPrivateKey;binary”
of that RDN?
Now, I know it’s well too early for feature requests :D, but I have a few
questions (and a feature request :):
1) Why are both certificates (private AND public) in the same attribute?
   I can see the reason to have the public … “public” (with a much
   more relaxed ACL/ACI).
2) What if I want a new certificate for that RDN?
   Such as the previous one is [about to] expire and it needs to be
   refreshed (preferably (?) without destroying/removing the old one).
3) Is the CA’s _public_ key available as well?
   Same reason as point 1.
4) If I already have a CA “on premises” and that has created an
   intermediate CA I’d like to use for “autoca”, could this be done?