Hi Oliver, I would love to help develop a general ansible module which can help enroll certificates.
I am still quite new in OpenXPKI, and I am not sure which API to fit for the purpose. I would prefer to use the REST api or the EST - what do you think? Overall, what I have had working with EST so far is: openssl req -new -subj "/CN=est-test.openxpki.org" -nodes -newkey rsa:4096 -keyout estcert.key -outform der | openssl base64 -e 2>/dev/null > req.p10 and then: curl -v https://internal-ca02.netic.dk/.well-known/est/simpleenroll --anyauth -s -o cert.p7 --data-binary @req.p10 -H "Content-Type: application/pkcs10" --dump-header resp.hdr I am not sure how auth should be done? I guess it is possible to provide a user certificate or an HTTP basic auth. Med venlig hilsen / Best Regards *Netic A/S* *Per Abildgaard Toft* Senior Consultant [email protected] Mobile: +4577770861 Main: +45 7777 0888 | Support: +45 7777 0999 Address and contact information <https://www.netic.dk/en/contact-us/> On Thu, Mar 25, 2021 at 7:50 AM Oliver Welter <[email protected]> wrote: > Hi Per, > > we did something like this in a customer project (well the customer did > it) but I am highly interested in getting a general receipt for this. If > you are willing to contribute the Ansible Know-How I will try to add the > OpenXPKI magic. > > We should start with your actual requirements ;) > > Oliver > > Am 24.03.21 um 10:29 schrieb Per Abildgaard Toft via OpenXPKI-users: > > Hi OpenXPKI users, > > Has anyone created an ansible module to enroll certificates with OpenXPKI? > > Med venlig hilsen / Best Regards > *Netic A/S* > > *Per Abildgaard Toft* > Senior Consultant > [email protected] > > Mobile: +4577770861 > Main: +45 7777 0888 | Support: +45 7777 0999 > Address and contact information <https://www.netic.dk/en/contact-us/> > > > _______________________________________________ > OpenXPKI-users mailing > [email protected]https://lists.sourceforge.net/lists/listinfo/openxpki-users > > > -- > Protect your environment - close windows and adopt a penguin! > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users >
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
