All of lore.kernel.org
 help / color / mirror / Atom feed
* bmcweb TLS certificates installation and management
@ 2020-07-24  0:46 Zhenfei Tai
  2020-07-24  1:11 ` [EXTERNAL] " Neeraj Ladkani
  0 siblings, 1 reply; 2+ messages in thread
From: Zhenfei Tai @ 2020-07-24  0:46 UTC (permalink / raw)
  To: OpenBMC Maillist

[-- Attachment #1: Type: text/plain, Size: 520 bytes --]

Hi,

I'm recently looking into certificates installation and management for
bmcweb and hope to understand the best practice in this regard.

According to the TLS doc
<https://github.com/openbmc/docs/blob/master/security/TLS-configuration.md>,
bmcweb has APIs that allows root CA installation and https server
certificate replacement.

My questions are:

   - Should there be a separate workflow to manage certifications of BMCs?
   - Should the bmcweb APIs be used for the installation and management?


Thanks,
Zhenfei

[-- Attachment #2: Type: text/html, Size: 705 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread
* RE: [EXTERNAL] bmcweb TLS certificates installation and management
  2020-07-24  0:46 bmcweb TLS certificates installation and management Zhenfei Tai
@ 2020-07-24  1:11 ` Neeraj Ladkani
  0 siblings, 0 replies; 2+ messages in thread
From: Neeraj Ladkani @ 2020-07-24  1:11 UTC (permalink / raw)
  To: Zhenfei Tai, OpenBMC Maillist

[-- Attachment #1: Type: text/plain, Size: 1248 bytes --]

+1 as I had the same concerns. We can not use untrusted connection to provision certs.   It would be good to create a separate workflow to provision these certs.

Regards
N

From: openbmc <openbmc-bounces+neladk=microsoft.com@lists.ozlabs.org> On Behalf Of Zhenfei Tai
Sent: Thursday, July 23, 2020 5:46 PM
To: OpenBMC Maillist <openbmc@lists.ozlabs.org>
Subject: [EXTERNAL] bmcweb TLS certificates installation and management

Hi,

I'm recently looking into certificates installation and management for bmcweb and hope to understand the best practice in this regard.

According to the TLS doc<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fopenbmc%2Fdocs%2Fblob%2Fmaster%2Fsecurity%2FTLS-configuration.md&data=02%7C01%7Cneladk%40microsoft.com%7C846fee89707c417d83a208d82f6b216c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637311484449788358&sdata=RIIF0B3muux2NEFx%2B401u7NQCFZ%2Fi4UdENIEwsVtGDI%3D&reserved=0>, bmcweb has APIs that allows root CA installation and https server certificate replacement.

My questions are:

  *   Should there be a separate workflow to manage certifications of BMCs?
  *   Should the bmcweb APIs be used for the installation and management?

Thanks,
Zhenfei


[-- Attachment #2: Type: text/html, Size: 6134 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-07-24  1:18 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-24  0:46 bmcweb TLS certificates installation and management Zhenfei Tai
2020-07-24  1:11 ` [EXTERNAL] " Neeraj Ladkani

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.