Re: [Pki-users] keygen support in RA
Andrew Wnuk writes:
On 06/08/2011 02:46 PM, Mike Helm wrote:
> Andrew Wnuk writes:
>> Will Safari on iPad work similar way?
> ipad/iphone seems to lack crypto services - there's nothing presented
> by<keygen>,& no keys are generated. I don't find any UI for
certificate
> management either but I don't know very much about this platform.
>
> We suspect Apple is going to (or maybe does) support certificates by
> generating keys, signing,& pushing to the device. I'd like to be
> wrong about all of this - if we had some certificate UI we could
> start supporting this platform in some capacity, which would be very
> welcome. Thanks, ==mwh
I saw some references on the net saying that iPad could use SCEP
protocol to deploy certificates.
(http://images.apple.com/ipad/business/pdf/iPad_Deployment_Scenarios.pdf)
Have you tried this?
No we haven't but thanks for that tip - will definitely look into this.
My _guess_ at this point is that the platform can't generate the keys,
it needs to get them from somewhere else. Having never used SCEP I don't
know if the ipad platform can use a bare key pair to craft a signed SCEP
request or not. Otherwise, I read the page as discussing various methods the ipad
can use to download a certificate from a smarter one - like your Mac laptop.
However, the page doesn't seem to distinguish the private key handling from
cert handling, so....
Hand-me-down certificates fit our working scenarios today but we'll soon have
customers that
want to conduct these transactions directly on their mobile platform. I think
that'll
mean we have to have a key pair generator or some other trusted service.
Thanks, ==mwh