+1 as I had the same concerns. We can not use untrusted connection to provision certs. It would be good to create a separate workflow to provision these certs.
Regards
N
From: openbmc <openbmc-bounces+neladk=microsoft.com@lists.ozlabs.org>
On Behalf Of Zhenfei Tai
Sent: Thursday, July 23, 2020 5:46 PM
To: OpenBMC Maillist <openbmc@lists.ozlabs.org>
Subject: [EXTERNAL] bmcweb TLS certificates installation and management
Hi,
I'm recently looking into certificates installation and management for bmcweb and hope to understand the best practice in this regard.
According to the
TLS doc, bmcweb has APIs that allows root CA installation and https server certificate replacement.
My questions are:
Thanks,
Zhenfei