From: Anders R. <and...@gm...> - 2017-01-06 19:37:55
On 2017-01-06 19:51, Willi Trace wrote:
> I am implementing websocket connection pool from EJBCA to clients primarily as a replacement of external RA and peer connections which are not available in Community Edition.
>
> Is there any work done on this which I can reuse or build on it?
> Of course I would like to publish it to community when it will be ready.
>
> My first concept is working similar to peer connections (although I do not know current implementation of Enterprise Edition) but through wss. It should be effective and easily managed through admin GUI authenticated by AKB.

Hi Willi,

I'm a former PrimeKey employee who some years ago developed a replacement for the external RA:
https://cyberphone.github.io/doc/openkeystore/javaapi/org/webpki/securityproxy/package-summary.html

I have integrated this with EJBCA but the integration is owned by PrimeKey.

I have been thinking about upgrading the public part (the API above) to use WebSocket but haven't had any time to do that. The current scheme uses serialized Java objects which I also want to shelve.

Today I have totally (and forever...) left the WS/XML/XSD camp in favor of JSON. So a new system would (from my perspective) be built on JSON.
https://cyberphone.github.io/doc/openkeystore/javaapi/org/webpki/json/package-summary.html

Two-way TLS auth seems good to keep. In my setup I use a symmetric scheme so that the same cert+key is used in both directions. That is, the self-signed cert is both server and client.

I had no problems integrating the proxy in EJBCA so I would still consider making a separate component.

Best
Anders

>
> WT
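
The symmetric two-way TLS arrangement described in the reply above, shown with the standard JSSE API as an added example; it is not part of the original message and is not code from the securityproxy package or EJBCA. The class and method names, the PKCS#12 file, its password and the alias are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper: one self-signed cert+key acts as both the local
// identity and the only trust anchor, on the listening and connecting side.
public final class SymmetricMutualTls {

    /** Builds a context whose identity and sole trust anchor are the same certificate. */
    static SSLContext sharedCertContext(Path p12, char[] password, String alias) throws Exception {
        KeyStore identity = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(p12)) {
            identity.load(in, password);
        }
        if (!identity.isKeyEntry(alias)) {
            throw new IllegalArgumentException("no private key entry under alias " + alias);
        }
        Certificate shared = identity.getCertificate(alias);

        // The trust store holds only the shared certificate, so no system CA
        // can vouch for a peer.
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);
        trust.setCertificateEntry("shared-peer", shared);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, password);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Listening side: the handshake fails unless the peer's certificate validates against the shared anchor. */
    static SSLServerSocket listen(SSLContext ctx, int port) throws Exception {
        SSLServerSocket server = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(port);
        server.setNeedClientAuth(true); // require, not merely request, a client certificate
        return server;
    }
}
```

The connecting side builds its context with the same `sharedCertContext` call and uses `ctx.getSocketFactory()`. Because both ends hold the same private key, that one file needs the same protection on each host.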