Am 27.01.22 um 08:42 schrieb Stefan Weigel: > Hi Oliver, > >> OpenXPKI speaks SCEP and EST and there are a lot of clients outside - a >> native API implementation is CertNanny which is a commercial product. > OK, got it. Well, we need to spend more time to get into the topic. > > For a realm there's a: > - vault token > - ca-signer > - scep token > > So in case I want to have several signing CA's for segmentation (e.g. VPN, > WEB, etc.) I create separate realms ? But how to address access via SCEP / > RPC / ... to the different realms ? > There's a global scep/rpc/est directory with a conf-files pointing to one > realm.
In OpenXPKI its simple - one (logical) Issuing CA = one Realm and you can have an arbitrary number of so called endpoints mapping to different realms/configurations for any protocol: https://openxpki.readthedocs.io/en/latest/subsystems/index.html Oliver -- Protect your environment - close windows and adopt a penguin! _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
