Menu
▾
▴
Re: [Ejbca-develop] Automating CSR signing
|
From: Tomas G. <to...@pr...> - 2016-07-04 06:53:10
|
Hi Gregory, You are right that the WS API is more targeted for RA functionality. CMP have pretty good open source support both in C (cmpforopenssl) and Java (BouncyCastle), and would make it easy to automate things in a relatively secure way. If the environment is secure you can HTTP POST. It still requires to register the end entities first. This can be scripted of course, so if you have a production line you can script creating 1M end entities numbered 1-1M, then simply http post to get the certificates. Another way, by simple tweaking is to use the "DemoCertreqServlet" which simply does what you want without any aithorization. Cheers, Tomas ----- Save time and money with an Enterprise support subscription. Please see www.primekey.se for more information. https://www.primekey.se/technologies/products-overview/ https://www.primekey.se/service-support/support/ On 2016-07-02 13:48, LANDAIS Gregory wrote: > Hi, > > I am evaluating EJBCA to see if it will fit my current needs. This needs > includes the possibility to automate the signing of CSR generated by > users. My "users" will be systems that I will plug to my isolated and > trusted network, they will automatically generate key pairs, the > corresponding CSR, submit it for signing before leaving into the wild > with their certificate. > > I had a look at the SOAP API but it seems it is more focused on RA and > CA functionality (e.g. it requires authentication with certificate that > my systems don't have yet). > > I had a look at SCEP and CMP protocols but open-source implementations > seems outdated/hard to get working and they seems overkill for what I > want to do. > > I though about manually sending HTTP POST requests to the public web > interface but maybe there is a better way ? > > > > ------------------------------------------------------------------------------ > Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San > Francisco, CA to explore cutting-edge tech and listen to tech luminaries > present their vision of the future. This family event has something for > everyone, including kids. Get more information and register today. > http://sdm.link/attshape > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
