
Re: Suggested solutions to certificate handling/generation for server/clients using SSL/TLS.



* Herman Robak (herman@skolelinux.no) [040829 12:46]:
> 	Suggested solution
> 
> During installation, a CA will be created.  Maybe before all the SSL-
> enabled servers are installed, maybe after; that depends on how we
> aim to solve the certificate signing.
>  If the CA is in place _before_ the SSL-enabled servers, they can
> have a pre-install script generate a signing request.  If the CA
> responds, and signs the request, the server gets a properly signed
> certificate.  If not, it can fall back to a self-signed certificate.
> dpkg-reconfigure ought to repeat this process, in case the CA was
> not working at install time.
>  Design consideration: The servers could "pull" their certificates
> by sending a signing request, or the CA could "push" by putting the
> certificate and the private key in a predetermined place.

Are you working on this?

It is an important bit of infrastructure and needs care and
dedication over some time. I would certainly appreciate it if you
could commit to it.
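
The "pull" variant with self-signed fallback from the quoted proposal, as an added example that is not part of the original thread or of any Skolelinux package: the private key is generated on the server and only the signing request goes to the CA. The CA is a constructed local directory standing in for whatever transport a real CA would use; every function name, file name and subject name below is an assumption.

```shell
#!/bin/sh
# Added example (hypothetical names throughout), requires the openssl CLI.

# make_csr DIR CN: create the private key locally (mode 0600) and a CSR.
make_csr() {
    ( umask 077; openssl genrsa -out "$1/server.key" 2048 2>/dev/null ) &&
    openssl req -new -key "$1/server.key" -subj "/CN=$2" -out "$1/server.csr"
}

# ca_sign CA_DIR CSR OUT: stand-in for the CA answering a signing request.
# Fails when the CA has not been set up yet ("CA does not respond").
ca_sign() {
    [ -f "$1/ca.key" ] && [ -f "$1/ca.crt" ] || return 1
    openssl x509 -req -in "$2" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 365 -sha256 -out "$3" 2>/dev/null
}

# self_sign DIR: fallback, short-lived so it gets replaced soon.
self_sign() {
    openssl x509 -req -in "$1/server.csr" -signkey "$1/server.key" \
        -days 30 -sha256 -out "$1/server.crt" 2>/dev/null
}

# obtain_cert DIR CN CA_DIR: prints which kind of certificate was installed.
obtain_cert() {
    make_csr "$1" "$2" || return 1
    if ca_sign "$3" "$1/server.csr" "$1/server.crt"; then
        echo ca-signed
    elif self_sign "$1"; then
        echo self-signed
    else
        return 1
    fi
}

# make_ca DIR: constructed throwaway CA, only for trying the flow out.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/ca.key" \
        -out "$1/ca.crt" -subj "/CN=Example Install CA" -days 365 2>/dev/null
}

# Demo in a scratch directory: no CA exists, so this falls back.
d=$(mktemp -d) && obtain_cert "$d" demo.example.invalid "$d/no-ca"
rm -rf "$d"
```

Running `obtain_cert` again later, as the proposal suggests for dpkg-reconfigure, replaces a fallback certificate (with a fresh key) once the CA directory exists.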


