Subject: | |
From: | |
Reply To: | |
Date: | Tue, 19 Feb 2013 19:13:59 +0100 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
On Tue, Feb 19, 2013 at 3:19 PM, Nico Kadel-Garcia <[log in to unmask]> wrote:
> SSL certicificates are associated with specific applications, so
> there's no surprise here. Also,some of the contents in /etc/pki are
> for GPG keys, not SSL certificates (such as /etc/pki/rpm-gpg). And
> others are for applications that probably don't need this unless
> you're going to a lot of work, such as "/etc/pki/dovecot". And some
> are the root certificates for Mozilla designated upstream signature
> authorities, such as /etc/pki/java/cacerts and /etc/pki/tls/cacerts/*
>
> Unfortunately, each application handles the certificicates
> individually, so you really have to deal on an application by
> application basis with these.
>
> Which *application* are you using IPA for ? Just Kerberos
> authentication, or full account management, or what?
the total package, including soon a cross realm trust with an AD infrastructure.
I am starting to think that maybe a wildcard certificate might just be
easier and cheaper ...
--
natxo
|
|
|