Open michalnicp opened 2 years ago
Integrating with the smallstep CA would be valuable for use cases other than the MDM enrollment. Related to #20213
The current Apple MDM solution uses https://github.com/micromdm/scep for issuing SCEP CA certificates during MDM enrollment. However, it does not seem to be ready for production use. We also had to fork it to add storage in MySQL. From the author (https://macadmins.slack.com/archives/C023Z6A2DL0/p1664901582278619):
"I’ve been contemplating recommending folks check out step-ca if they want a “real” SCEP environment — it just uses micromdm/scep’s library (though that feature is newer). micromdm/scep’s depot is super simplistic and lacks some important features (like revocation, for example)."
We should investigate using smallstep. It is Apache licensed and written in Go, meaning we could probably find a way to make it part of the fleet server.
customer-reedtimmer: Gong snippets: https://us-65885.app.gong.io/call?id=3274063432520612661&highlights=%5B%7B%22type%22%3A%22SHARE%22%2C%22from%22%3A1342%2C%22to%22%3A1369%7D%5D