Re: [Pki-users] will the new version of RHCS support RHEL6?

That’s all clear now, thank you Dmitri! Regarding our wish list :) Basically we just have evaluated ejbCA, so we want something similar but without EJB and heavy weight app server… i.e. - * UI for managing certs * Support SCEP & OCSP * API for issuing and revoking certs (cert-based request auth is preferrable) - as we want to integrate out product for revoking certs * Desirable - Export a key store (including cert) as PKCS#12, PEM (for manual deployment of certs on e.g. SSL servers). As mentioned earlier we are planning to use a CA for issuing and delivering certs to mobile devices via SCEP. So far we managed to issue certs for iphones via SCEP in ejbCA and Dogtag (pki-ca 9.0.3-30 package). Dogtag wins provided we can carry on using standalone CA services in the future for free as a part of RHEL IPA… Thanks, Oleg From: Dmitri Pal [mailto:dpal@redhat.com] Sent: 04 October 2013 16:54 To: Oleg Antonenko Cc: Nathan Kinder (nkinder(a)redhat.com); Ciaran Bradley; pki-users(a)redhat.com Subject: Re: [Pki-users] will the new version of RHCS support RHEL6? On 10/04/2013 11:48 AM, Oleg Antonenko wrote: Hi Dmitri, Nathan, Thank you for speedy responses. Could you please confirm my understanding? RHCS is going to be shipped as a part of RHEL7.x in the foreseeable future; It is not "a part" it is a stand alone product and not free. IPA is a free part of RHEL 6.x and will remain as such in the foreseeable future; Correct and same is true for RHEL7.x RHEL 6.x does not ship RHCS, but includes only pki-ca packages in order to support IPA. Correct Could you also clarify your point here ? The CA portion in RHEL is not supported by Red Hat for standalone use without an entitlement for the rest of RHCS, which isn't available on RHEL 6 RHCS is a layered product and can be acquired separately. We do not ship a version of RHCS on top of RHEL6. It is a big product and takes a lot of time to deliver. We decided to skip a major RHEL version. Does it mean RHCS is not free? Correct. Regarding this - We would be actually very interested if we can support this use case with core IPA. Would you be interested in a conversation about this? Yes, we’d love to. Ok let us have one. I am sorry, I have not been following the whole thread, just this mail caught my eye so what kind of functionality we are looking for? Can you formulate a "wish list" for your use case assuming the CA is a part of IPA? Many thanks, Oleg From: pki-users-bounces@redhat.com<mailto:pki-users-bounces@redhat.com> [mailto:pki-users-bounces@redhat.com] On Behalf Of Dmitri Pal Sent: 04 October 2013 16:21 To: pki-users@redhat.com<mailto:pki-users@redhat.com> Subject: Re: [Pki-users] will the new version of RHCS support RHEL6? On 10/04/2013 11:08 AM, Oleg Antonenko wrote: Hi Nathan, Could you please shed some light on the future plans for the pki-ca portion of RHEL? Will it be included in the standard RHEL distribution in the future? Dogtag 10+ will become a RHSC product on top of RHEL7.x Some of its portions will be gradually included into IPA that comes for free with RHEL. IMO full blown IPA is not that "full blown" in this case. We would be actually very interested if we can support this use case with core IPA. Would you be interested in a conversation about this? Thanks Dmitri I’m asking because we’re planning to use the CA bit only for issuing certificates to mobile devices via SCEP. We do not require any other services or the full blown IPA… With thanks, Oleg From: pki-users-bounces@redhat.com<mailto:pki-users-bounces@redhat.com> [mailto:pki-users-bounces@redhat.com] On Behalf Of Nathan Kinder Sent: 27 September 2013 20:03 To: pki-users@redhat.com<mailto:pki-users@redhat.com> Subject: Re: [Pki-users] will the new version of RHCS support RHEL6? On 09/26/2013 10:25 PM, 安 泱 wrote: Hi all, I'm a beginner of the dogtag certificate system, dogtag（RHCS）is a wonderful project, but I'm confused about RHCS, could you give any help? The latest version of RHCS is 8.1, which is based on dogtag 8.1, it supports RHEL5.8, and in RHEL6, pki-ca 9.0.3 was included without the other 5 subsystems, could you show me the consideration why RHCS do not support RHEL6? Is RHEL6 not secure enough or some other reasons？ It was simply not a targeted platform (nor are there plans to release it there). The pki-ca portion is included for use by IdM (based on the FreeIPA project). Thanks, -NGK Regards. An Yang _______________________________________________ Pki-users mailing list Pki-users@redhat.com<mailto:Pki-users@redhat.com> https://www.redhat.com/mailman/listinfo/pki-users _______________________________________________ Pki-users mailing list Pki-users@redhat.com<mailto:Pki-users@redhat.com> https://www.redhat.com/mailman/listinfo/pki-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/<http://www.redhat.com/carveoutcosts/> -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/<http://www.redhat.com/carveoutcosts/>