> On 17 Nov 2022, at 10:15, Alexander Bokovoy <[email protected]> wrote:
>
> On Thu, 17 Nov 2022, Francis Augusto Medeiros-Logeay via FreeIPA-users wrote:
>> Hi,
>>
>> I try to find good documentation on SCEP and FreeIPA, but I cannot find
>> something that seems updated nor conclusive.
>>
>> Does FreeIPA support SCEP out of the box, or does it need some hacking to do
>> so?
>>
>> And does it support other types of certificate enrolment besides its own
>> api/client?
>
Thanks a lot for a very explanatory answer as usual, Alexander.

> It really depends on what you are asking for: FreeIPA as an integrated
> CA or FreeIPA as a consumer of some other CA.

I was thinking more as FreeIPA and its own CA.

> As a consumer of some other CAs, certmonger supports requesting
> certificates through SCEP. See certmonger-scep-submit(8) man page and
> /usr/share/doc/certmonger/scep.txt for details.
>
> FreeIPA integrated CA does not support SCEP itself. Well, Dogtag PKI
> does have support for SCEP responder but it is not configured by default
> and is not supported in IPA frontend that does verification of the
> request.

Yes, I guess that this is what some of the documents I’ve seen around say.

> FreeIPA integrated CA supports ACME protocol (same as Let's Encrypt).
> Would using ACME be a better option?

I was thinking of trying to use FreeIPA with some MDM solutions, and the one I am trying (Workspace ONE) does not support ACME, unfortunately.

Best,

Francis

> --
> / Alexander Bokovoy
> Sr. Principal Software Engineer
> Security / Identity Management Engineering
> Red Hat Limited, Finland
