Re: Does OpenConnect handle SCEP?
On Sun, Apr 28, 2024 at 7:24 AM David Woodhouse wrote: > > On Sat, 2024-04-27 at 22:56 -0400, marc...@gmail.com wrote: > > > > I've been looking online for an alternative to Cisco AnyConnect client > > (which I haven't been able to get working on Linux) and I saw people > > recommending OpenConnect. My workplace VPN is configured to do > > certificate enrollment when connecting for the very first time, which > > I believe is done through SCEP (simple certificate enrollment > > protocol). I've installed and tried NetworkManager-openconnect but it > > doesn't seem to do this initial certificate enrollment. Does > > OpenConnect implement SCEP? > > It doesn't. And unless it's integrated with the protocol to the point > where it *absolutely* necessary, I think I'd prefer it to remain that > way — at least for OpenConnect *itself*. > > But if this is a setup that people need to use, we should definitely > work out how to integrate it with an existing SCEP client. Thanks for the quick reply. I agree about not spending resources on it unless there's high enough demand, or unless OpenConnect is intended as a fully equivalent drop-in replacement for Cisco AnyConnect. In the meantime it might help to just add a section on www.infradead.org/openconnect/anyconnect.html that mentions the lack of SCEP. Thanks! ___ openconnect-devel mailing list openconnect-devel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/openconnect-devel
Re: Does OpenConnect handle SCEP?
On Sat, 2024-04-27 at 22:56 -0400, marc...@gmail.com wrote: > > I've been looking online for an alternative to Cisco AnyConnect client > (which I haven't been able to get working on Linux) and I saw people > recommending OpenConnect. My workplace VPN is configured to do > certificate enrollment when connecting for the very first time, which > I believe is done through SCEP (simple certificate enrollment > protocol). I've installed and tried NetworkManager-openconnect but it > doesn't seem to do this initial certificate enrollment. Does > OpenConnect implement SCEP? It doesn't. And unless it's integrated with the protocol to the point where it *absolutely* necessary, I think I'd prefer it to remain that way — at least for OpenConnect *itself*. But if this is a setup that people need to use, we should definitely work out how to integrate it with an existing SCEP client. smime.p7s Description: S/MIME cryptographic signature ___ openconnect-devel mailing list openconnect-devel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/openconnect-devel
Does OpenConnect handle SCEP?
Hi all, I've been looking online for an alternative to Cisco AnyConnect client (which I haven't been able to get working on Linux) and I saw people recommending OpenConnect. My workplace VPN is configured to do certificate enrollment when connecting for the very first time, which I believe is done through SCEP (simple certificate enrollment protocol). I've installed and tried NetworkManager-openconnect but it doesn't seem to do this initial certificate enrollment. Does OpenConnect implement SCEP? Thank you! Tony ___ openconnect-devel mailing list openconnect-devel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/openconnect-devel