add x509 client certificate authentication #68
Comments
|
@gabriel-samfira, |
|
I think you have a few options here. It depends on how deep you want to go into this particular rabbit hole. On linux there are a few standard locations to store certificates and keys in. Commonly, trusted root certificates are stored in /etc/ssl/certs. This would be the equivalent of cert:\LocalMachine\Root. Any keys you generally want to generate, should go in /etc/ssl/private (although this is not mandatory, especially in a multi-tenant deployment - which is the vast majority of Linux deployments). There are other mechanisms to manage keys in Linux. Another commonly available application in any desktop Linux distribution is Seahorse, which also has a DBUS API, which allows users to query/watch user's keys. More info on that here: https://wiki.gnome.org/Apps/Seahorse/DBus . That however is desktop environment specific. Another option would be to emulate the way OpenSSH does things. Have a $HOME/.x509 folder on the system, create a cert:\ PSDrive on top of that, and a very thin abstraction that allows powershell to query it the same way it queries the windows APIs. Not familiar enough with powershell core code to know if this is feasible or not. If specifying the physical location on disk to the certificate and corresponding key is the easiest and cleanest way to do it, I am all for it. :-) |
|
thanks @gabriel-samfira. I appreciate your input. |
I would second this. Most software that I use on linux just has you explicitly specify a file paths for PEM encoded |
|
@tam7t I appreciate your input. Adding a reference to OMI issue as that is where this would need to get implemented first, |
No description provided.
The text was updated successfully, but these errors were encountered: