rfc2136_bridge
scep
rfc2136_bridge | scep | |
---|---|---|
1 | 2 | |
4 | 308 | |
- | 0.6% | |
1.4 | 5.1 | |
about 1 year ago | about 2 months ago | |
Python | Go | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
rfc2136_bridge
-
Easy HTTPS for your private networks
Somewhat related - I made a bridge server [1] that lets ACME clients use standard RFC2136 to solve DNS-01 challenges for internal names without them needing credentials for the actual DNS backend (Route 53 in my case).
[1] https://github.com/schlarpc/rfc2136_bridge/blob/main/src/rfc...
scep
-
Easy HTTPS for your private networks
> You need a PKI which exposes a SCEP endpoint (ejbca or dogtag supports this).
Uhh...
> [...] ejbca [...]
Now you have two problems.
What I mean is, if you’ve been already running EJBCA for whatever reason then this is perhaps reasonable, but if your current setup is at the level of typing `openssl req` into a terminal (whether that’s a good idea or not), this sounds like a lot of additional complexity. (Can’t say anything about dogtag.)
I’ve been waiting forever for somebody to add an ACME backend to the Go SCEP library[1], but it doesn’t look like that happened. In the meantime it makes a fairly competent standalone server at the abovementioned invoke-openssl-by-hand level.
[1] https://github.com/micromdm/scep
-
Anyone using micromdm/scep server with SCEP profile?
The SCEP is working as it has no issue with our Macs and Jamf. Has anyone gotten this https://github.com/micromdm/scep to work with Intune? If so, would be nice to share the exact steps. CA has been added to root and the config to the scep is setup sort of following this https://www.ironwifi.com/help/scep Yet the scep profile fails when it gets pushed out. I just have under assignment status: "Error". The root certificate config profile pushes out successfully.
What are some alternatives?
minica - minica is a small, simple CA intended for use in situations where the CA operator also operates each host where a certificate will be used.
lexicon - Manipulate DNS records on various DNS providers in a standardized way.
acme-dns - Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.
cert-manager - Automatically provision and manage TLS certificates in Kubernetes
mkcert - A simple zero-config tool to make locally trusted development certificates with any names you'd like.
bettertls - BetterTLS: A Name Constraints test suite for HTTPS clients.