PKI management tools using CFML
Hi all, I'm about to embark on a mini project, building some tools for web based management of Public/Private key pairs (issue requests and revocations) on a (as yet to be installed and configured) linux OpenCA Certificate server. I'm wondering if anybody has already done anything in this area in the past and would be keen to learn from their experiences. No point in re-inventing the wheel. TIA, Dave
RE: PKI management tools using CFML
Hi Dave, how are things? Do you have to use a DB? Often p/p keys are stored in an LDAP Repository. You're using linux, right? IMHO OpenLDAP is the best Opensource LDAP server.

http://ospkibook.sourceforge.net/ free pki book.

Links:
OpenCA http://www.openca.org
Jonah http://www.foobar.com/jonah/

Also there is an XML Key Management Specification (XKMS); have a look around, there is a lot of Java code for this.

WG

-Original Message- From: Dave Wilson [mailto:[EMAIL PROTECTED] Sent: 07 March 2003 12:38 To: CF-Talk Subject: PKI management tools using CFML
RE: PKI management tools using CFML
Forgot to mention there is, (was?), a bug using SSL in CFLDAP on linux .. WG

-Original Message- From: webguy [mailto:[EMAIL PROTECTED] Sent: 07 March 2003 13:07 To: CF-Talk Subject: RE: PKI management tools using CFML
RE: PKI management tools using CFML
Cheers Webguy,

I'm not using LDAP at the moment but will probably seriously consider it in the future. Basically, ever since I moved over from a Windows environment to linux, I've been trying to find a workaround for the cgi.remote_user variable presence. My apps originally detected the remote_user variable (user identification) then applied various application policies based upon the rules stored in the MS SQL database for the application. This worked nicely as my apps were all only accessible via VPN and thus user authentication and identification was taken care of by our win2k VPN server.

I've since changed our infrastructure over to linux and thus the cgi.remote_user variable is no longer available unless I re-introduce a manual login (authenticating against .htaccess), which is not what we want. We want to keep everything as transparent as possible.

My solution is to implement pki across our vpn, which would then furnish me with cgi.cert_serial etc. variables, which I can use as user identification values for my application policy rules tables. This also furnishes me with an additional security layer for my apps.

I was aware of the CFLDAP/SSL bug in linux, which was possibly one of my reasons for staving off the changeover to LDAP at this stage.

Anyway, thanks for the links. Especially the ospki book link. I've been glossing through it over the last hour or so and it has some very useful info contained in it.

Dave

-Original Message- From: webguy [mailto:[EMAIL PROTECTED] Sent: 07 March 2003 13:18 To: CF-Talk Subject: RE: PKI management tools using CFML
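Added example, not part of the original thread and not code from any poster: a sketch of the lookup described in the last message, where fields of a client certificate select a row in an application policy table. It assumes the web server is Apache with mod_ssl exporting SSL_CLIENT_VERIFY, SSL_CLIENT_I_DN and SSL_CLIENT_M_SERIAL to the application; the policy table, revocation set, DNs and serials are constructed for illustration.

```python
"""Map a verified TLS client certificate to an application policy entry."""

ISSUER = "/O=Example VPN/CN=Example Issuing CA"  # constructed issuer DN

# Constructed policy table: (issuer DN, serial) -> application user and role.
POLICY = {
    (ISSUER, "1A2B"): {"user": "dave", "role": "admin"},
    (ISSUER, "1A2C"): {"user": "wg", "role": "reader"},
}

# Constructed revocation set with the same key shape; in practice it would be
# refreshed from the CA's published CRL.
REVOKED = {(ISSUER, "1A2C")}


def normalise_serial(raw):
    """Return the serial as upper-case hex without separators or leading zeros."""
    cleaned = raw.replace(":", "").replace(" ", "").upper()
    if not cleaned or any(c not in "0123456789ABCDEF" for c in cleaned):
        raise ValueError("serial is not hexadecimal")
    return cleaned.lstrip("0") or "0"


def identify(env, policy=POLICY, revoked=REVOKED):
    """Return the policy entry for the presented certificate, or None."""
    # Certificate fields mean nothing unless the server verified the chain.
    if env.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        return None
    try:
        serial = normalise_serial(env.get("SSL_CLIENT_M_SERIAL", ""))
    except ValueError:
        return None
    # A serial number is unique only within one issuer, so key on both.
    key = (env.get("SSL_CLIENT_I_DN", ""), serial)
    if key in revoked:
        return None
    return policy.get(key)


# Constructed request environments.
GOOD = {"SSL_CLIENT_VERIFY": "SUCCESS",
        "SSL_CLIENT_I_DN": ISSUER,
        "SSL_CLIENT_M_SERIAL": "1a2b"}
OTHER_CA = dict(GOOD, SSL_CLIENT_I_DN="/O=Other/CN=Other CA")
UNVERIFIED = dict(GOOD, SSL_CLIENT_VERIFY="NONE")
REVOKED_CERT = dict(GOOD, SSL_CLIENT_M_SERIAL="00:1A:2C")
```

Keying the table on the serial alone would let a certificate from any other trusted CA with a colliding serial match an existing user, which is why the issuer DN is part of the key.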