Merci beaucoup pour toutes ces informations, et vos réponses rapides. Je testerais ça sous peu de temps.
Cordialement, GALLAY Dorian Le mar. 5 nov. 2024 à 16:44, Martin Bartosch via OpenXPKI-users < openxpki-users@lists.sourceforge.net> a écrit : > Hi, > > > From what I could find there are native Google Workspace functions for > SCEP, but normally the official connector for Google Workspace is a tool > that works exclusively with Active Directory (I refuse to use an Active > Directory). > > The Microsoft NDES server (which implements the SCEP server in ADCS) is > known to immediately issue certificate to whatever client that is able to > submit a roughly SCEP looking enrollment request. > > > That's why after some research I came across openXPKI, so given that the > concept of SCEP is officially integrated into Google Workspace, in theory > it could be used with openxPKI if I'm not saying something stupid? > > In theory it should work - if the Google developers have implemented RFC > 8894 properly. We have seen SCEP client implementations whose developers > claim that if it works with Microsoft NDES it should be sufficient. Some > implementations do not handle "PENDING" responses properly, for example (as > this is seemingly something that does never happen with MS ADCS). > > I guess in the end you will have to try it out. Feel free to use our demo > instance https://demo.openxpki.org <https://demo.openxpki.org/> > > Login via "Test Accounts". > > User "alice" is a normal user. > User "rob" is a RA Operator. > Passwords are "openxpki". > > Do not submit personal or sensitive data or anything that you don't want > people to see publicly (neither via the GUI nor via the enrollment > interface) > > The SCEP URI of this system is http://demo.openxpki.org/scep/generic > > Note that in contrast to Microsoft NDES, our SCEP server by default will > not immediately issue certificates in an initial enrollment, you will have > to approve these requests via the GUI before they get issued. > This is a policy setting that can be modified in the configuration (and > will have to be crafted specifically to support a use case like yours). > > Cheers > > Martin > > > > _______________________________________________ > OpenXPKI-users mailing list > OpenXPKI-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openxpki-users >
_______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
