PoC EJBCA PKI with IoT devices #795
Replies: 2 comments
-
|
Dear Sir, |
Beta Was this translation helpful? Give feedback.
-
|
Hi, SCEP is the worst choice you an make. It is an outdated protocol that does not handle modern cryptography in a good way. It doesn't have a decent way to handle EC key for example, not even talking about post quantum cryptography. EST or CMP are the good choices I would recommend those. EST have a CoAP proxy as part of the specification in RFC9148. Not sure I understand the question of IoT device brands. There are hundreds of different ciphesets with different capabilities available from many vendors like NXP, Infineon, Microchip, ARM, etc etc. There are also tons of development systems out there like Arduino, Raspberry or https://www.adafruit.com/. Regards, |
Beta Was this translation helpful? Give feedback.
-
Dear Sir,
I hope you are doing well.
I am currently planning a Proof of Concept (PoC) using EJBCA solution for managing certificates in an IoT use case, where devices send weather data to an MQTT broker.
I would like to clarify which protocol should be used to manage and automate the process of requesting, issuing, and renewing digital certificate on the devices. Specifically, should I use SCEP, or are there other protocols that would be suitable? Additionally, could you recommend any specific IoT device brands or models that support automated certificate renewal via SCEP or other protocols like EST/CMP and that are easy to configure and integrate with the EJBCA PKI?
Thank you for your guidance and support.
Best regards,
Mohammed
Beta Was this translation helpful? Give feedback.
All reactions