Hi, > From what I could find there are native Google Workspace functions for SCEP, > but normally the official connector for Google Workspace is a tool that works > exclusively with Active Directory (I refuse to use an Active Directory).
The Microsoft NDES server (which implements the SCEP server in ADCS) is known to immediately issue certificate to whatever client that is able to submit a roughly SCEP looking enrollment request. > That's why after some research I came across openXPKI, so given that the > concept of SCEP is officially integrated into Google Workspace, in theory it > could be used with openxPKI if I'm not saying something stupid? In theory it should work - if the Google developers have implemented RFC 8894 properly. We have seen SCEP client implementations whose developers claim that if it works with Microsoft NDES it should be sufficient. Some implementations do not handle "PENDING" responses properly, for example (as this is seemingly something that does never happen with MS ADCS). I guess in the end you will have to try it out. Feel free to use our demo instance https://demo.openxpki.org <https://demo.openxpki.org/> Login via "Test Accounts". User "alice" is a normal user. User "rob" is a RA Operator. Passwords are "openxpki". Do not submit personal or sensitive data or anything that you don't want people to see publicly (neither via the GUI nor via the enrollment interface) The SCEP URI of this system is http://demo.openxpki.org/scep/generic Note that in contrast to Microsoft NDES, our SCEP server by default will not immediately issue certificates in an initial enrollment, you will have to approve these requests via the GUI before they get issued. This is a policy setting that can be modified in the configuration (and will have to be crafted specifically to support a use case like yours). Cheers Martin _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
