Get some real world experience with OpenXPKI - in this 90 minutes “Hands On” session you will learn how to modify OpenXPKI to setup automated enrollments to provision servers in your datacenter based on rulesets.

When:  Tuesday, November 3th 14:00 CET.
Where: Online    

The workshop will be held online, you should have some experience in setting up OpenXPKI already and be able to use SSH and a terminal to run common shell commands and edit files.

Reserve your seat at openxpki@whiterabbitsecurity.com - limited capacity!

Update: Agenda Details

The shared screen session will start on a prepared CentOS with an empty MariaDB, a basic configuration template, and existing Root and CA certificates. From there, we will walk through the following tasks:

  • Setup the credential Connector and configure the database
  • Create the “Server CA” realm
  • Configure a TLS profile with RSA keys
  • Create a simple enrollment configuration with manual approval
  • Create a second endpoint with shared-secret-based auto-approval and regex checking
  • Create a “Device CA” realm with ECC hierarchy
  • Configure an EST endpoint with “on-behalf” signer from the “Server CA”
  • Create an auto-enrollment with “on-behalf” for VoIP telephone using the “Eligibility” Connector and a simulated CMDB
  • Proof-of-Posession (PoP) renewal