[EXTERNAL] bmcweb TLS certificates installation and management
Neeraj Ladkani
neladk at microsoft.com
Fri Jul 24 11:11:35 AEST 2020
+1 as I had the same concerns. We can not use untrusted connection to provision certs. It would be good to create a separate workflow to provision these certs.
Regards
N
From: openbmc <openbmc-bounces+neladk=microsoft.com at lists.ozlabs.org> On Behalf Of Zhenfei Tai
Sent: Thursday, July 23, 2020 5:46 PM
To: OpenBMC Maillist <openbmc at lists.ozlabs.org>
Subject: [EXTERNAL] bmcweb TLS certificates installation and management
Hi,
I'm recently looking into certificates installation and management for bmcweb and hope to understand the best practice in this regard.
According to the TLS doc<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fopenbmc%2Fdocs%2Fblob%2Fmaster%2Fsecurity%2FTLS-configuration.md&data=02%7C01%7Cneladk%40microsoft.com%7C846fee89707c417d83a208d82f6b216c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637311484449788358&sdata=RIIF0B3muux2NEFx%2B401u7NQCFZ%2Fi4UdENIEwsVtGDI%3D&reserved=0>, bmcweb has APIs that allows root CA installation and https server certificate replacement.
My questions are:
* Should there be a separate workflow to manage certifications of BMCs?
* Should the bmcweb APIs be used for the installation and management?
Thanks,
Zhenfei
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20200724/2bda8fe2/attachment.htm>
More information about the openbmc
mailing list