Hello Jeremy,
Google really made a lot of great inventions but their unconditional
enforcement of https is something which I absolutely do not like.
Luckily it is not a big deal to make SCEP available via HTTPS in
OpenXPKI, the backend stuff does not care about this so all you need to
do is to add the SCEP related stuff from the Port 80 part of the apache
configuration file to the SSL vHost section and also add "scep" to the
RewriteCondition around Line 122:
> RewriteCond %{REQUEST_FILENAME} !(cgi-bin|rpc|cmc|certep|download|healthcheck|scep)
HTH
Oliver
PS: OpenCA..yeah well, it's now 18 years ago that I held this "OpenCA"
workshop at my university which became the initial kick-off for OpenXPKI :)
PPS: A Use Case story would be really appreciated
On 10.11.23 20:29, Jeremy Jackson wrote:
Hi,
I did a quick search of the mailing list, and it seems nobody has
asked this...
The OpenXPKI documentation says not to use https, which makes sense,
since the payload is already encrypted.
Google's Android platform however is making it increasingly difficult
to use unencrypted http connections from apps to backend servers. I
recently resurrected and updated droid-scep2
https://github.com/gjyoung1974/Droid_Scep2
to build with current Android Studio, and I was able to get it working
with OpenXPKI on Android v7 and v8. Newer versions disable http by
default.
While it is possible that there are workarounds, it seems that Google
is going in the direction of HTTPS only, and it would be great to get
out ahead of this and keep OpenXPKI working without interruption.
Regards,
Jeremy
PS - I used OpenCA back in the day, great to see it's still alive and
kicking!
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!