Hello,
So I'm rather new to pki-dogtag. I've installed it on a VM to try out
since we are developing a product that requires a number of certificates
but none of them need to be signed by a trusted browser CA like VeriSign.
We currently are using puppet and func which generate their own
certificate requests and get signed by a system that has generated its own
certificate. We are also looking at issuing certificates for systems
like yum to retrieve updates from servers which would also check for
client certificates etc.
This brings me to my two questions.
#1 - Given the above, is Dogtag able to deal with these certificates? (I
am so far under the impression that indeed it can.)
#2 - How does one request a certificate from the installed pki-ca?
Reading
http://tinyurl.com/7vujpqa [1] implies that the system/person
requesting a certificate would submit some form of authentication,
whether this be LDAP, PIN-based or certificate-based. Can I not simply
have the certificate manager tell me of pending certificate requests? I
don't expect any device to request a certificate without me knowing it
needs one and initiating the process somehow, so the added authentication
seems unneeded in my case.
At the moment I'm used to puppet or func, where you have a puppetca function
that can tell me the certificate signing requests pending approval. Is
this workflow fundamentally different from Dogtag's?
[1]
http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/7.3/html/Adm...
--
Nathanael d. Noblet
t 403.875.4613