Hi Andrew, In general, I'd recommend against using wildcard certs just out of convenience. If you give a shortcut to a developer (and I include myself in that group), they will want to use the shortcut in production, too.
With OpenXPKI, you can easily automate the whole enrollment process for non-wildcard certificates. For your developer sandboxes, I'd suggest a separate openxpki instance with its own trust chain. A script for your developers can submit the CSRs via SCEP or even RPC and the profile for these certs can be configured to allow auto-enrollment. Not only will you save yourself on admin overhead, you'll also prevent developer certs from being mistaken for production certificates. Hope this helps, Scott > On Jan 25, 2017, at 14:26, Andrew Davis <[email protected]> wrote: > > Hello, I am wondering if it is possible to generate wildcard certs using > openxpki? I have not found much documentation on it and it would help us > with a situation where we don’t have to generate a certificate for each > developer’s sandbox. > > Thank You ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
