Thank you very much for all this information, and your quick responses. I will test this shortly.
Sorry, I wrote in French out of habit. Sincerely, GALLAY Dorian Le mar. 5 nov. 2024 à 17:38, Dorian GALLAY <dgal...@delfingen.com> a écrit : > Merci beaucoup pour toutes ces informations, et vos réponses rapides. > > Je testerais ça sous peu de temps. > > Cordialement, > > GALLAY Dorian > > Le mar. 5 nov. 2024 à 16:44, Martin Bartosch via OpenXPKI-users < > openxpki-users@lists.sourceforge.net> a écrit : > >> Hi, >> >> > From what I could find there are native Google Workspace functions for >> SCEP, but normally the official connector for Google Workspace is a tool >> that works exclusively with Active Directory (I refuse to use an Active >> Directory). >> >> The Microsoft NDES server (which implements the SCEP server in ADCS) is >> known to immediately issue certificate to whatever client that is able to >> submit a roughly SCEP looking enrollment request. >> >> > That's why after some research I came across openXPKI, so given that >> the concept of SCEP is officially integrated into Google Workspace, in >> theory it could be used with openxPKI if I'm not saying something stupid? >> >> In theory it should work - if the Google developers have implemented RFC >> 8894 properly. We have seen SCEP client implementations whose developers >> claim that if it works with Microsoft NDES it should be sufficient. Some >> implementations do not handle "PENDING" responses properly, for example (as >> this is seemingly something that does never happen with MS ADCS). >> >> I guess in the end you will have to try it out. Feel free to use our demo >> instance https://demo.openxpki.org <https://demo.openxpki.org/> >> >> Login via "Test Accounts". >> >> User "alice" is a normal user. >> User "rob" is a RA Operator. >> Passwords are "openxpki". >> >> Do not submit personal or sensitive data or anything that you don't want >> people to see publicly (neither via the GUI nor via the enrollment >> interface) >> >> The SCEP URI of this system is http://demo.openxpki.org/scep/generic >> >> Note that in contrast to Microsoft NDES, our SCEP server by default will >> not immediately issue certificates in an initial enrollment, you will have >> to approve these requests via the GUI before they get issued. >> This is a policy setting that can be modified in the configuration (and >> will have to be crafted specifically to support a use case like yours). >> >> Cheers >> >> Martin >> >> >> >> _______________________________________________ >> OpenXPKI-users mailing list >> OpenXPKI-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/openxpki-users >> >
_______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
