Hi Stefan,
On 26.01.22 at 17:54, Stefan Weigel wrote:
> Hi,
> I have several questions, it would be nice to get answers or some hints where
> to get more information, thanks!

I will try to give some answers ;)

> API:
> - are there some examples how to enable different authentication handlers (by
> certificate, by access token, username + password)

I guess you mean the RPC API - you can pass a certificate which is quite
straightforward by referencing the Cert handler from the sample config
in the RPC config. Most of the other things are not really mature yet.

> - is there some client implementation similar to ACME certbot?
> Our idea is to have machines interact automatically with OpenXPKI and
> request a new cert (auth via old certificate?) in case the current cert is only
> valid for X days. Is there any known implementation?

OpenXPKI speaks SCEP and EST and there are a lot of clients outside - a
native API implementation is CertNanny which is a commercial product.

> CA
> - is it possible to define an auto apply/accept for certain/all types of
> requests for a special CA (without manual approval)?

yes ;)

> - is there a list of supported smart cards (keeping the CA) supported by OpenXPKI (I've
> read the example from documentation, section "HSM via PKCS#11")?

While some people here on the list do that, we do not recommend this -
we had a PoC with YubiHSM which works but I would recommend a "real" HSM
if you need this security level. OpenXPKI also comes with support for
Shamir Secret Splitting in combination with software keys which provides
a good level of security even without hardware.

> Support
> - support is done by White Rabbit Security, for questions regarding our needs
> should I directly contact them by phone/mail?

Feel free to call or mail us ;)

best regards
Oliver
--
Protect your environment - close windows and adopt a penguin!