Hi Nick,
OpenXPKI supports so-called "Signer On Behalf", so in case you are
managing those certs from a central location it might be worth just
having ONE authentication certificate to sign the end-entity requests, but
in the end this will also have the same "password issue" :(
As sscep is an open source project, feel free to add password support to
it. If you are good enough with Perl you might also use the new SCEP
modules from OpenXPKI to write your own Perl-based client (which can
handle password-protected keys). Well, and if a commercial license is an
option - we might have something in our toolbox ;)
best regards
Oli
On 22.05.23 15:29, Nick Dawson wrote:
Hey folks - I've been working on a script to automate the renewal of
freeradius certs via sscep against OpenXPKI's scep implementation.
The challenge (pun intended?) is that all my keys have a passphrase.
I could use openssl to strip the passphrase, renew the cert, and then
re-add the phrase, but that feels clunky. It doesn't seem that
sscep allows piping in the passphrase from a file or the command line
and I know this isn't an sscep support list, so we don't have to get
deep into the weeds there.
But I'm curious if OpenXPKI or this group has any tips or ideas? Is
there some way to avoid passing the key altogether for the cert
renewal? Anyone have clever ideas?
Thanks in advance for any thoughts you have. If I can get this
working, I'll be glad to share the end result.
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!