--- Richard Megginson <rmeggins at redhat.com> wrote:

> Susan wrote:
> > Hi, everyone. I think this subject has been briefly raised before but I've more questions.
> >
> > Can RHCS be used to hand out CA certs to Unix clients (linux/solaris)?
> >
> Yes. You go to the RHCS web interface, click "Get CA Cert Chain", and
> you can download or copy/paste the CA cert for use with client apps (or
> importing into your web browser or email program or etc.). This assumes
> you are using RHCS as your CA.

well, I'm speaking strictly of ldap clients. Browsers I don't care about.

> > Has anybody done this?
> >
> We used this extensively at Netscape.

to automatically hand out CA certs to ldap clients upon request?

> > Right now no certs are
> > deployed on the clients, we're using them only for SSL traffic encryption.
> >
> Do you mean client cert auth?

well, no. We don't care whether the clients misrepresent themselves. We care if the FDS misrepresents itself.

> CA certs or client certs? For the CA cert problem, AFAIK, there is no
> way around it - you have to configure your clients to trust your CA one
> way or another. You can mitigate this somewhat by going through the
> process of getting a real CA cert from one of the trusted root CAs
> listed in your web browser or email client.

yea but what about ldap clients? AFAIK no ldap client implicitly trusts verisign or anything like that. So, even if I do get a real CA cert, will a plain vanilla FC4 install trust it? I'm guessing no....?