CA usage and practices
Stefan.Paetow at jisc.ac.uk
Fri Mar 24 12:31:25 CET 2017
>> People don't talk about this enough. A CA is more than just a server or HSM, some scripts and a web UI. It's almost *all* about process and procedure, and as technical people we tend to ignore this.
> Typical CA failures happen when people make mistakes. It is extremely rare that an automated process goes wrong.
As demonstrated by DigiNotar (keys left in the devices/machines).
>> Slightly OT: can we have a quick headcount of which client deployment tools people are using to deploy their private CA, ideally annotated with any platforms it *doesn't* support?
> This would be good to know, and to document on the wiki.
Speaking of which, Alan, I know the bootstrap script is, well, for demo purposes, but it does get used rather a lot for deployments. You may eventually get a replacement for bootstrap from either myself (as proxy) or someone else who thought it was inadequate for production purposes. :-)
Moonshot Industry & Research Liaison Coordinator
t: +44 (0)1235 822 125
xmpp: stefanp at jabber.dev.ja.net