Background
In various modules that deal with PKI, parameters such as the following have been observed:
$enable_pki = true
Does this turn PKI on/off, turn PKI management on/off, turn the SIMP-specific PKI system on/off (see: The New Layout for all SIMP Modules)?
$use_simp_pki = true
Okay, this looks like it explicitly means "Use SIMP's PKI system (e.g., FakeCA, keydist/, pki::copy)".
$cert_source = '/absolute/path/to/dir'
- simp-apache: Defines what directory to look for certs in a
- ALTERNATIVE (simp-rsyslog): $pki_cert_dir = '/same/as/cert_source/w/a/better/name'
Questions
- How should we configure a SIMP module to manage PKI bindings at all?
  - Examples of management:
    - where to look for certs, cacerts
    - ensure that SSL is on or off
    - ensure that SSL is validated
- How should we tell SIMP to use SIMP's pki module vs some other PKI distribution system?
  - Examples:
    - simp-pki module's pki::copy from FakeCA
    - simp-beaker-helpers gem's pki_copy_to function
    - Independent delivery mechanism (moonshots, not)
      - PKI stored in LDAP?
      - PKI stored in TPM?