...

  • $enable_pki = true 

  • $use_simp_pki = true

    • Okay, this looks like it explicitly means "Use SIMP's PKI system (e.g., FakeCA, keydist/, pki::copy)"

  • $cert_source = '/absolute/path/to/dir'

    • simp-apache: Defines what directory to look for certs in a
    • ALTERNATIVE (simp-rsyslog): 
  • $pki_cert_dir = '/same/as/cert_source/w/a/better/name'

 

Questions

 

  • How should we tell a SIMP module to manage PKI bindings (at all)?
    • The opposite of manage is "leave it alone."
    • Examples of management: 
      • where to look for certs, cacerts
      • ensure that SSL is on or off
      • ensure that SSL is validated
    • Examples of something other than management: 
      • EXTRA: distributing certificates on the filesystem 
        • This is extra because 
      • d
  • How should we tell SIMP to use SIMP's pki module vs some other PKI distribution system?

    • Examples: 

      • file-based:

        • simp-pki module's pki::copy from FakeCA

        • simp-beaker-helpers gem's pki_copy_to function.

        • Independent file delivery mechanism (another module, probably need to do nothing)

        • QUESTION: Is it reasonable to always expect PKI cert/key/cacert to be present in the same directory structure as pki::copy?
      • (moonshots, not ) 

        • PKI stored in LDAP?

        • PKI stored in TPM?

...