insecureAddress for SCEP provider #147
Comments
jbperrin88
added
enhancement
|
I workaround this issue .... by modifying the statefulSet after helm but this is not really beautiful.... If you enable insecure mode , you'll also need to add the right port map to Service. By the way , i've got another issue.... linked to this one I used existing secret with ca.json So if i understand it well (i've read a lot from sources) When this stepca service start , it look at CRL and SCEP and insecureAddress to enable insecure listener... Best regards |
|
@jbperrin88 regarding your last issue: are you using the latest version of step-ca? I remember having changed something in the order of checks recently for SCEP specifically, because I came across the same issue. The code for that is this: https://github.com/smallstep/certificates/blob/master/authority/authority.go#L638-L648. The change was introduced with smallstep/certificates@4bb88ad. We'll discuss the additional port in the chart in our upcoming open source triage meeting. |
Signed-off-by: Travis Glenn Hansen <[email protected]>
|
#206 is created to fix this. I also experienced the listener not starting unless crl is enabled or scep is turned on. Perhaps the desired behavior but initially turning it on and not seeing the port bound was a bit confusing for a newcomer. |
What would you like to be added
on ca.yaml line 88 , there is only HTTPS port configuration.
Can you add an option to set another port or just enable InsecureAddress configuration
Why this is needed
This is needed to handle InsecureAddress configuration for SCEP provider
The text was updated successfully, but these errors were encountered: