* bmcweb TLS certificates installation and management @ 2020-07-24 0:46 Zhenfei Tai 2020-07-24 1:11 ` [EXTERNAL] " Neeraj Ladkani 0 siblings, 1 reply; 2+ messages in thread From: Zhenfei Tai @ 2020-07-24 0:46 UTC (permalink / raw) To: OpenBMC Maillist [-- Attachment #1: Type: text/plain, Size: 520 bytes --] Hi, I'm recently looking into certificates installation and management for bmcweb and hope to understand the best practice in this regard. According to the TLS doc <https://github.com/openbmc/docs/blob/master/security/TLS-configuration.md>, bmcweb has APIs that allows root CA installation and https server certificate replacement. My questions are: - Should there be a separate workflow to manage certifications of BMCs? - Should the bmcweb APIs be used for the installation and management? Thanks, Zhenfei [-- Attachment #2: Type: text/html, Size: 705 bytes --] ^ permalink raw reply [flat|nested] 2+ messages in thread
* RE: [EXTERNAL] bmcweb TLS certificates installation and management 2020-07-24 0:46 bmcweb TLS certificates installation and management Zhenfei Tai @ 2020-07-24 1:11 ` Neeraj Ladkani 0 siblings, 0 replies; 2+ messages in thread From: Neeraj Ladkani @ 2020-07-24 1:11 UTC (permalink / raw) To: Zhenfei Tai, OpenBMC Maillist [-- Attachment #1: Type: text/plain, Size: 1248 bytes --] +1 as I had the same concerns. We can not use untrusted connection to provision certs. It would be good to create a separate workflow to provision these certs. Regards N From: openbmc <openbmc-bounces+neladk=microsoft.com@lists.ozlabs.org> On Behalf Of Zhenfei Tai Sent: Thursday, July 23, 2020 5:46 PM To: OpenBMC Maillist <openbmc@lists.ozlabs.org> Subject: [EXTERNAL] bmcweb TLS certificates installation and management Hi, I'm recently looking into certificates installation and management for bmcweb and hope to understand the best practice in this regard. According to the TLS doc<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fopenbmc%2Fdocs%2Fblob%2Fmaster%2Fsecurity%2FTLS-configuration.md&data=02%7C01%7Cneladk%40microsoft.com%7C846fee89707c417d83a208d82f6b216c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637311484449788358&sdata=RIIF0B3muux2NEFx%2B401u7NQCFZ%2Fi4UdENIEwsVtGDI%3D&reserved=0>, bmcweb has APIs that allows root CA installation and https server certificate replacement. My questions are: * Should there be a separate workflow to manage certifications of BMCs? * Should the bmcweb APIs be used for the installation and management? Thanks, Zhenfei [-- Attachment #2: Type: text/html, Size: 6134 bytes --] ^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-07-24 1:18 UTC | newest] Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-07-24 0:46 bmcweb TLS certificates installation and management Zhenfei Tai 2020-07-24 1:11 ` [EXTERNAL] " Neeraj Ladkani
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.