Re: FDS & Red Hat Certificate System

...the management is a little concerned about MITM attacks against the FDS, so we need a way to
verify that the server saying that it's our FDS really is the FDS.  Right now no certs are
deployed on the clients, we're using them only for SSL traffic encryption.

If I'm interpreting your question right, I think you're already covered for this as long as:
- Your client apps do server cert verification.
- Your internal CA isn't compromised.
- Your cert/key DB files on your FDS servers haven't been compromised.

You shouldn't need to sign a new certificate for every client; you just need a copy of the CA certificate on each client.




Susan wrote:
Hi, everyone.  I think this subject has been briefly raised before but I've more questions.

Can RHCS be used to hand out CA certs to Unix clients (linux/solaris)? Has anybody done this?
RHCS doesn't seem to be opensourced.  Is there a reliable free alternative?

The problem I'm trying to solve is that my CA cert is self-signed.  I guess even if it weren't,
the management is a little concerned about MITM attacks against the FDS, so we need a way to
verify that the server saying that it's our FDS really is the FDS.  Right now no certs are
deployed on the clients, we're using them only for SSL traffic encryption.
What's the best way to go about doing this?  I don't want to manually create/deploy dozens of
certs for various clients.  I also need a way to implement CRL somehow, in case a box is
compromised.

Thank you.

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
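
The first condition in the reply (client apps do server cert verification) can be checked on each client. The script below is an added example, not code from the thread or from FDS: it audits the text of an OpenLDAP client `ldap.conf` for enforced verification and a configured CA certificate. It assumes the clients use the OpenLDAP libraries; the host name and CA path in the samples are constructed.

```python
# Added example (not from the thread): audit OpenLDAP client ldap.conf text.
STRICT = {"demand", "hard"}  # TLS_REQCERT levels that reject an unverified server

# Constructed sample configs; host name and CA path are assumptions.
ENCRYPT_ONLY = """\
URI ldaps://fds.example.com
TLS_REQCERT never
"""
VERIFIED = """\
URI ldaps://fds.example.com
TLS_CACERT /etc/openldap/cacerts/internal-ca.pem
TLS_REQCERT demand
"""

def parse_ldap_conf(text):
    """Return {OPTION: value}; option names are case-insensitive in ldap.conf."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are ignored
        parts = line.split(None, 1)
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit(text):
    """Return a list of findings; an empty list means the server cert is verified."""
    opts = parse_ldap_conf(text)
    findings = []
    # OpenLDAP defaults to "demand" when TLS_REQCERT is not set.
    reqcert = opts.get("TLS_REQCERT", "demand").lower()
    if reqcert not in STRICT:
        findings.append(f"TLS_REQCERT {reqcert}: server certificate is not enforced")
    if not (opts.get("TLS_CACERT") or opts.get("TLS_CACERTDIR")):
        findings.append("no TLS_CACERT/TLS_CACERTDIR: no CA certificate to verify against")
    for uri in opts.get("URI", "").split():
        if uri.lower().startswith("ldap://"):
            findings.append(f"{uri}: plain ldap:// URI, TLS only if StartTLS is requested")
    return findings

if __name__ == "__main__":
    for name, conf in (("encrypt-only", ENCRYPT_ONLY), ("verified", VERIFIED)):
        print(name, audit(conf) or "OK: server certificate is verified")
```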