smallstep / certificates

🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
https://smallstep.com/certificates
Apache License 2.0

SCEP jwt #1985

Open pegahnikbakht opened 1 week ago

pegahnikbakht commented 1 week ago

Hi,

Is it possible to get a JWT token instead of a signed cert with the SCEP provisioner in STEP-CA?

Thanks for the help Pegah

hslatman commented 1 week ago

Hey @pegahnikbakht, that's not possible using the SCEP provisioner, and not going to be supported, as that's not what the SCEP protocol is intended for.

Depending on your use case and architecture, you might be able to use the certificate obtained through SCEP and its corresponding private key to sign a JWT (on the client side) that includes the x5c claim with the signed certificate, though.

pegahnikbakht commented 1 week ago

Hi @hslatman, how about a JWK provisioner? How can I send a CSR to the step-ca server and receive a JWT token instead of a cert?

hslatman commented 1 week ago

It's not possible to send a CSR to obtain a JWT. The JWK provisioner takes a JWT and a CSR and returns a certificate, always.

If all you're looking for is a JWT, you can use a JWK provisioner and the step ca token command to generate one. But it would be a bit of a convoluted way to get one.

This is starting to sound like an XY problem. What exactly are you looking to do?

pegahnikbakht commented 1 week ago

@hslatman we just want to be able to get both signed certs and signed JWT tokens (instead of certs) from the CA server, but then I think step-ca cannot really do that.

hslatman commented 1 week ago

You're right, step-ca doesn't have something like a secure token service built-in. As mentioned, with the JWK provisioner you can create tokens, but that probably doesn't fully fit your use case.

It does sound like an interesting functionality / feature, though, so you could opt for opening a new issue describing the use case in a little more depth. We'll then discuss it in our open source triage meeting, and can think about it.