Maxence MOHR alias fladnaG

Hi Tomas, Of course Tomas, go ahead! :) Nitrokey HSM is cool, because it is definitely the best quality price ratio of all existing HSMs, and when working in a company where budget is limited, it is just perfect. It has downsides (for now limited to RSA 2048b and ECDSA 320b, but a better version might come out soon). A collegue of mine gave me few things to tweak in my tutorial. I'll see in the weekend to fix all he gave me to fix. Then you'll be able to include parts in EJBCA documentation ;-)

Hi Tomas, Of course Tomas, go ahead! :) Nitrokey HSM is cool, because it is definitely the best quality price ratio of all existing HSMs, and when working in a company where budget is limited, it is just perfect. It has downsides (for now limited to RSA 2048b and ECDSA 320b, but a better version might come out soon). A collegue of mine gave me few things to tweak. I'll see in the weekend to fix all he gave me to fix. Then you'll be able to include parts in EJBCA documentation ;-)

Hi guys, I wrote a full tutorial from a freshly installed Debian Stretch to a fully working CA using EJBCA and a forwarded Nitrokey. The goal of this tutorial is to build a relatively secure and cheap PKI for your business, organization or personal use, by : Installing and basically securing a full PKI software, EJBCA, on a Debian Stretch VM, Securely forwarding a HSM through the Internet from your office to the VM for EJBCA use through SSH Check it out here, it is a 4 part tutorial, estimated working...

Hi Tomas, No, i don't know any client that deperatly requires it. I noticed when i was doing a full certificate check on https://certificate.revocationcheck.com/ to test and fine tune X509 CRL distribution points, OCSP checks, etc and this came as a warning. Then i read a lot ^_^ Indeed, it is a SHOULD, so not mandatory. :-) Have a good day ! Max

Hi EJBCA team, Again, thank you for this wonderful product, i'm using it a lot and will present it in a conference in Marseille, France as a good PKI solution for Small and Medium Enterprises which needs a PKI. Also, @anatom, thanks for the new setup instructions based on a previous discussion we had few months ago, they are a lot clearer :) I'm here to ask/advice for a modification request for your next release: CRL download URLs, such as https://(redacted)/ejbca/publicweb/webdist/certdist?cmd=crl&issuer=CN=(redacted)...

Hi EJBCA team, Again, thank you for this wonderful product, i'm using it a lot and will present it in a conference in Marseille, France as a good PKI solutions for Small and Medium Enterprises which needs a PKI. Also, @anatom, thanks for the new setup instructions based on a previous discussion we had few months ago, they are a lot clearer :) I'm here to ask/advice for a modification request for your next release: CRL download URLs, such as https://(redacted)/ejbca/publicweb/webdist/certdist?cmd=crl&issuer=CN=(redacted)...

Hi EJBCA team, Again, thank you for this wonderful product, i'm using it a lot and will present it in a conference in Marseille, France as a good PKI solutions for Small and Medium Enterprises which needs a PKI. Also, @anatom, thanks for the new setup instructions based on a previous discussion we had few months ago, they are a lot clearer :) I'm here to ask/advice for a modification request for your next release: CRL download URLs, such as https://(redacted)/ejbca/publicweb/webdist/certdist?cmd=crl&issuer=CN=(redacted)...

Hi EJBCA team, Again, thank you for this wonderful product, i'm using it a lot and will present it in a conference in Marseille, France as a good PKI solutions for Small and Medium Enterprises which needs a PKI. Also, @anatom, thanks for the new setup instructions based on a previous discussion we had few months ago, they are a lot clearer :) I'm here to ask/advice for a modification request for your next release: CRL download URLs, such as https://(redacted)/ejbca/publicweb/webdist/certdist?cmd=crl&issuer=CN=(redacted)...