Bug 336198

Summary: YaST module - CA Manager
Product: [openSUSE] openSUSE 10.3 Reporter: Andreas Pedersen <alofflambas>
Component: YaST2Assignee: Michael Calmer <mc>
Status: RESOLVED WONTFIX QA Contact: Jiri Srain <jsrain>
Severity: Enhancement    
Priority: P5 - None    
Version: Final   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Andreas Pedersen 2007-10-24 00:03:47 UTC 
When I'm creating a 'Server Certificate' It force me to give a password.
It should be better to not force users to have passwords for there 'Server Certificates'.
Comment 1 Michael Calmer 2007-10-26 13:15:27 UTC 
Well ... No :-)

The idea:

yast2 ca-management manages certificates inside a repository. Inside this repository all keys are encrypted. 

If you click on a certificate and select "Export as file" in the combobox, you get an dialog which asks for the export format. There is an option to export the key not encrypted. 

If you want to export a certificate for this local server there is a special item in the combobox "export common server certificate" which put the selected certificate and key to /etc/ssl/servercerts/servercert.[pem|key] . The key is not encrypted in this case. 

Or you export as PKCS12 format and go with this (e.g. on an USB Stick) to a different host and start "yast2 common_cert" module. This reads the PKCS12 file and put the certificate and key (not encrypted) to /etc/ssl/servercerts/... too.

There is one thing I might to add later. Encrypt all keys with the CA password. I am sure the most people will do this by hand now. 
This is in our Feature list.

I hope this concept is acceptable.