-----Original Message-----
From: pki-users-bounces(a)redhat.com [mailto:pki-users-bounces@redhat.com] On Behalf Of
Nathan Kinder
Sent: Thursday, 28 February 2013 17:11
To: pki-users(a)redhat.com
Subject: Re: [Pki-users] SCEP Support [bayes][heur]
On 02/27/2013 10:56 PM, Elliott William C OSS sIT wrote:
Hello,
We currently use SCEP for Cisco Routers with a RedHat CS.
However as far as we can tell, "CA Key Rollover" is not implemented.
Furthermore, we can't find any indication that it's implemented in Dogtag 9 or 10.
Could anyone confirm this?
Does anyone work around this problem?
As far as we can see, few or no CA SW supports this, aside from the IOS CA from Cisco.
The SCEP RFC says that the other two PKIX standards for certificate management are superior to SCEP, which has deficiencies, and is quasi-deprecated. Therefore my assumption is that no one (other than Cisco) plans to invest any effort in expanding SCEP support in Dogtag or any other open-source CA software.
We are actually planning on going through our existing SCEP functionality to see what else from the Internet Draft should be implemented in Dogtag 10.1. In addition, we have a few smaller tickets related to SCEP in our Trac instance that we plan to look at (details at https://fedorahosted.org/pki/).
We are not sure that we will be targeting "CA Key Rollover" specifically
any time soon, as we want to see if there are more common SCEP use cases
that should be targeted first. Is it specifically "CA Key Rollover" you
are interested in using, or is there anything else from the SCEP
Internet Draft that you have a use case for as well?
[Elliott William OSS sIT]
We use a relatively short-lived CA (because of the depth of our PKI hierarchy) which requires CA certificate renewal after about 2-3 years. Furthermore, there are over a thousand clients. Therefore the automatic renewal of the CA certificate on the clients is practically a must-have for us (network managers want to ditch Dogtag for IOS CA if they have to manually update all clients).
As far as I can see, GetCACaps and GetNextCACert are the minimum that are needed for CA rollover - maybe more.
Btw, the REST features look cool with v10.0.
Best regards,
Bill Elliott
Thanks,
-NGK
Best regards,
William Elliott
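The capability check Bill describes (does the CA advertise GetNextCACert, so clients can pick up the next CA certificate automatically?) as an added example; this is not code from the thread or from Dogtag, and it assumes a placeholder SCEP endpoint URL and a CA that answers GetCACaps with one keyword per line, as the SCEP draft specifies.

```python
"""Check whether a SCEP CA advertises what automated CA rollover needs.

Added example, not from the mailing-list thread. Assumes a SCEP endpoint
such as http://ca.example.test/cgi-bin/pkiclient.exe (placeholder) and a
GetCACaps response with one capability keyword per line.
"""
import urllib.parse
import urllib.request

# The thread names GetNextCACert (discovered via GetCACaps) as the minimum
# a client needs to fetch the next CA certificate without manual updates.
ROLLOVER_CAPS = ("GetNextCACert",)


def scep_url(base_url, operation, message=None):
    """Build a SCEP HTTP GET URL: ?operation=<op>[&message=<CA identifier>]."""
    params = {"operation": operation}
    if message is not None:
        params["message"] = message
    return base_url + "?" + urllib.parse.urlencode(params)


def parse_ca_caps(body):
    """Parse a GetCACaps body into a set of keywords.

    A CA without GetCACaps support usually answers with an error page or an
    empty body. Anything that is not a plain keyword list is treated as
    'no capabilities advertised', so callers take the conservative path.
    """
    caps = set()
    for line in body.splitlines():
        word = line.strip()
        if not word:
            continue
        # Keywords are single tokens (e.g. SHA-256); HTML or prose is not a list.
        if not all(c.isalnum() or c in "-_" for c in word):
            return set()
        caps.add(word)
    return caps


def rollover_readiness(caps_text):
    """Return (ready, missing): can clients roll over to the next CA cert?"""
    caps = parse_ca_caps(caps_text)
    missing = [c for c in ROLLOVER_CAPS if c not in caps]
    return (not missing, missing)


def fetch_ca_caps(base_url, ca_ident=""):
    """Query GetCACaps over HTTP (needs network; not exercised offline)."""
    url = scep_url(base_url, "GetCACaps", ca_ident)
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("ascii", "replace")
```

Run `rollover_readiness(fetch_ca_caps(url))` against a test CA before planning a rollover; a `(False, ['GetNextCACert'])` result means the CA certificate still has to be distributed to clients out of band.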
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users