[keycloak-dev] Certificate Management, Directory Services and Device Registration
Bill Burke
bburke at redhat.com
Fri Dec 20 16:05:12 EST 2013
On 12/20/2013 3:50 PM, Anil Saldhana wrote:
> On 12/20/2013 02:32 PM, Bill Burke wrote:
>>
>> On 12/20/2013 3:23 PM, Anil Saldhana wrote:
>>> Bill brought out some thoughts in my mind which I want to capture here
>>> to see what your thoughts are:
>>>
>>> * Certificate Management
>>> - We need a good system to CRUD certificates. The only good Java-based
>>> OSS I have seen is EJBCA.
>>>
>> Becoming a CA is way down the road, but my thoughts were that a realm
>> could just create client-certs signed with the realm's keypair using
>> Bouncycastle APIs. There would be an option to download the truststore
>> for the realm (for Java apps). And a text pkcs format (forget the
>> actual name) for non-Java apps.
> Good idea. But having a CA that helps users manage their certificates
> within a particular corporate domain may be important for an integrated
> solution.
> CRUD/export-import truststores/keystores.
>
Short term. Yes, I want to be able to manage user certificates. This
is something Bruno/Aerogear is really interested in too.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com