by mananaysiempre
1080 days ago
> You need a PKI which exposes a SCEP endpoint (ejbca or dogtag supports this).

Uhh...

> [...] ejbca [...]

Now you have two problems.

What I mean is, if you’ve been already running EJBCA for whatever reason then this is perhaps reasonable, but if your current setup is at the level of typing `openssl req` into a terminal (whether that’s a good idea or not), it sounds like a lot of additional complexity. (Can’t say anything about dogtag.)

I’ve been waiting forever for somebody to add an ACME backend to the Go SCEP library[1], but it doesn’t look like that has happened. In the meantime it includes a fairly competent standalone CA server at the abovementioned invoke-openssl-by-hand level. Note that SCEP basically requires a trusted network, though, from what I remember.

[1] https://github.com/micromdm/scep