
Re: Ca certificate



Hello Alberto,

>    I have another question about pkinit. In the configuration file
> we must specify a ca certificate for the client and for the server,  
> because the first must verify the public key of the second and the  
> second the public key of the first.
>
> Is it correct?

Yes, written out in examples:

The section for the trust anchor that the client uses to verify the KDC
certificate is the following:

[appdefaults]
	pkinit_anchors = FILE:/path/to/trust-anchors.pem

The section for the trust anchor that the KDC uses to verify the
client certificate is the following:

[kdc]
	pkinit_anchors = FILE:/path/to/trust-anchors.pem

Love
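
An added example, not part of the original mail or of Heimdal: a small Python check that reads a krb5.conf-style text, collects the pkinit_anchors values in [appdefaults] and [kdc], and confirms each FILE: anchor holds at least one PEM certificate. The function names, the simplified parser (any pkinit_anchors line inside a section counts, nested or not) and the sample text are assumptions made for illustration.

```python
import re

PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def pkinit_anchors(conf_text):
    """Map section name -> pkinit_anchors values set anywhere inside that section."""
    found, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip()
            continue
        key, sep, value = line.partition("=")
        if sep and section and key.strip() == "pkinit_anchors":
            found.setdefault(section, []).append(value.strip())
    return found

def read_text(path):
    with open(path, encoding="ascii", errors="replace") as fh:
        return fh.read()

def audit(conf_text, sections=("appdefaults", "kdc"), read_file=read_text):
    """Return a list of problems; an empty list means every anchor file holds a PEM cert."""
    anchors, problems = pkinit_anchors(conf_text), []
    for section in sections:
        values = anchors.get(section, [])
        if not values:
            problems.append("[%s] pkinit_anchors not set" % section)
        for value in values:
            if not value.startswith("FILE:"):    # only the FILE: form from the mail is checked
                problems.append("[%s] not checked: %s" % (section, value))
                continue
            path = value[len("FILE:"):]
            try:
                if not PEM_CERT.search(read_file(path)):
                    problems.append("[%s] no PEM certificate in %s" % (section, path))
            except OSError as exc:
                problems.append("[%s] cannot read %s: %s" % (section, path, exc))
    return problems

# Constructed sample: client side set, KDC side only commented out.
SAMPLE = ("[appdefaults]\n\tpkinit_anchors = FILE:/path/to/trust-anchors.pem\n"
          "[kdc]\n\t# pkinit_anchors = FILE:/path/to/trust-anchors.pem\n")
```

On a client-only host, pass sections=("appdefaults",) so the missing [kdc] entry is not reported.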