Hi, > Is it possible to install and configure OpenXPKI SCEP service on a separate > machine or server except the CA installation ?
Yes, it is, but not directly with the OpenSource variant (Community Edition) of OpenXPKI. The OpenXPKI CE SCEP server is integrated with the Web server running the GUI, and this component communicates with OpenXPKI via a Unix Domain Socket which by definition only allows host-only communication. However, there's a lot of flexibility in the OpenXPKI design, and you could split the RA and CA into two OpenXPKI instances communicating by developing a suitable connector yourself. Our team at White Rabbit Security already addressed this requirement and implemented this approach in the Enterprise Edition of the product. As an alternative, White Rabbit Security also offers a lightweight SCEP and EST Gateway and which can attach remotely to an OpenXPKI backend instance actually processing the enrollment requests. Cheers Martin _______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
