search

micromdm / micromdm

Mobile Device Management server
https://micromdm.io
MIT License
2.25k stars 355 forks source link

Use SCEP CA to issue other certificates #95

Open jessepeterson opened 7 years ago

jessepeterson commented 7 years ago

Noting as issue for later fleshing out. Things like DEP keypair, package/profile signing, https TLS, etc.

groob commented 7 years ago

My only objection here would be that some companies will want to defer SCEP to an external CA.

We should support that usecase first, before relying on the embedded CA too much. But if we can rely on the CA I don't see why not.

Also, self signed certs are the devil :P

jessepeterson commented 7 years ago

How about a separate CA? Perhaps that CA issues the internal SCEP CA's CA?