On Fri, May 30, 2014 at 2:13 PM, rgamurphy <[email protected]> wrote: > Hello, > > I'm at the beginning of designing an OSSEC infrastructure for my > organization and from what I've been unable to find on my own I must have a > bit of an unusual requirement for our setup. We have an internal CA with a > hierarchal setup (a top level signing authority with a few layers of > subordinates as a way to thwart cross environment data contamination). This > mostly works well for us and I can usually find supporting documentation > regarding how different subsystems work with/as subordinate CAs. The idea > is to have ossec-authd take care of federating new agents as a subordinate > certificate authority. Ideally, the cert would also be used to verify the > clients at the initial key assignment as well (but that seems to be a > feature still in pull request > https://github.com/ossec/ossec-hids/issues/166). > > I'm actually a bit surprised that I can't find this in OSSEC documentation > but I assume it would be supported since the cryptography backend is > OpenSSL. Has anyone tried and/or have some guidance around this? >
I probably don't have any clue what you're actually asking, but OSSEC's authd cannot give out anything beyond an OSSEC key. > Thanks! > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
