Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Renew NDES SCEP certificates #22539

Closed
noahtalerman opened this issue Oct 1, 2024 · 6 comments
Closed

Renew NDES SCEP certificates #22539

noahtalerman opened this issue Oct 1, 2024 · 6 comments
Labels
customer-hubble customer-numa customer-ufa

Comments

@noahtalerman
Copy link
Member

noahtalerman commented Oct 1, 2024
edited
Loading

UPDATE: @noahtalerman: Closed this request. Let's use this request instead:

Gong snippet: prospect-hubble: https://us-65885.app.gong.io/call?id=4210985230183928646&highlights=%5B%7B%22type%22%3A%22SHARE%22%2C%22from%22%3A902%2C%22to%22%3A929%7D%5D. note that prospect-hubble uses SCEP certs, but the provider is Sectigo. Not sure if it would matter in the renewal case which certificate provider has issued the cert or if the work done to date limits us to just NDES or if it was designed to be a broad solution for all PKI providers of the SCEP protocol.

User stories
@noahtalerman noahtalerman added ~feature fest Will be reviewed at next Feature Fest customer-numa labels Oct 1, 2024
@noahtalerman noahtalerman mentioned this issue Oct 1, 2024
Closed
14 tasks
@getvictor
Copy link
Member

With the macOS profiles command (docs), we can't link the SCEP profile with a certificate, except by common name.

@getvictor
Copy link
Member

A simple approach is to ask the user how long the certificate is issued for. We know when it is issued, so we can schedule renewal appropriately. Eventually, we would support this simple approach AND a more complex approach where we put an identifier into the common name.

I suggest we make the number of days before renewal configurable. If we are able to say that we can renew certificates every day, or even every hour, we would appeal to more security-conscious buyers, and it would make a great marketing point. cc: @spokanemac

@noahtalerman noahtalerman changed the title Renew SCEP certificates from Network Device Enrollment Service (NDES) Renew SCEP certificates Oct 11, 2024
@noahtalerman
Copy link
Member Author

Follow up to add certificate renewal for the following story:

Make this 180 days by default. Doesn't need to be configurable for now.

noahtalerman added a commit that referenced this issue Oct 14, 2024
@noahtalerman
Pricing page: Grant Wi-Fi access (SCEP certificates)
2ad4a66 
- Add experimental features
- First user story is here: #21955
  - @noahtalerman: This feature will be experimental until Fleet adds the ability to renew SCEP certificates: #22539
noahtalerman added a commit that referenced this issue Oct 14, 2024
@noahtalerman
fleetdm.com/pricing: Grant Wi-Fi access (SCEP)
d694549 
- Add experimental feature
- First user story is targeted for 4.59: #21955
- Feature will be experimental until Fleet adds ability to renew SCEP certificates: #22539
@noahtalerman noahtalerman mentioned this issue Oct 14, 2024
Merged
noahtalerman added a commit that referenced this issue Oct 15, 2024
@noahtalerman
fleetdm.com/pricing: Grant Wi-Fi access (SCEP) (#22900)
7c5ccb5 
- Add experimental feature
- First user story is targeted for 4.59: #21955
- Feature will be experimental until Fleet adds ability to renew SCEP
certificates: #22539
@noahtalerman noahtalerman removed the ~feature fest Will be reviewed at next Feature Fest label Oct 31, 2024
@noahtalerman noahtalerman added Epic DO NOT USE. Auto-created by ZenHub, cannot be disabled. ~customer request A prioritized, customer feature request. Has ≥ 1 customer codename label(s) ~customer promise A feature request from a Fleet customer that Fleet has contractually agreed to deliver and removed Epic DO NOT USE. Auto-created by ZenHub, cannot be disabled. labels Nov 7, 2024
@noahtalerman noahtalerman assigned zayhanlon and unassigned zayhanlon Nov 11, 2024
@noahtalerman noahtalerman changed the title Renew SCEP certificates Renew NDES SCEP certificates Nov 13, 2024
@noahtalerman noahtalerman mentioned this issue Nov 14, 2024
Open
@noahtalerman noahtalerman removed ~customer request A prioritized, customer feature request. Has ≥ 1 customer codename label(s) ~customer promise A feature request from a Fleet customer that Fleet has contractually agreed to deliver customer-reedtimmer labels Nov 14, 2024
@noahtalerman
Copy link
Member Author

This request isn't relevant to reedtimmer b/c they don't use NDES. They use SmallStep. I removed reedtimmer and moved the Gong snippet to this request instead: #8269

FYI @Patagonia121

@noahtalerman noahtalerman added story A user story defining an entire feature :product Product Design department (shows up on 🦢 Drafting board) labels Nov 15, 2024
@noahtalerman noahtalerman self-assigned this Nov 15, 2024
@noahtalerman noahtalerman added the #g-mdm MDM product group label Nov 15, 2024
@noahtalerman noahtalerman added ~customer promise A feature request from a Fleet customer that Fleet has contractually agreed to deliver Epic DO NOT USE. Auto-created by ZenHub, cannot be disabled. ~feature fest Will be reviewed at next Feature Fest and removed Epic DO NOT USE. Auto-created by ZenHub, cannot be disabled. story A user story defining an entire feature :product Product Design department (shows up on 🦢 Drafting board) #g-mdm MDM product group labels Nov 15, 2024
@noahtalerman noahtalerman removed their assignment Nov 15, 2024
@noahtalerman noahtalerman mentioned this issue Dec 6, 2024
Open
16 tasks
@noahtalerman noahtalerman added the ~customer request A prioritized, customer feature request. Has ≥ 1 customer codename label(s) label Dec 6, 2024
@noahtalerman
Copy link
Member Author

Closed this request. Let's use this request instead:

@fleet-release
Copy link
Contributor

Certificate renewed,
SCEP protocol improved,
Trust in Fleet renewed.

@noahtalerman noahtalerman removed ~customer request A prioritized, customer feature request. Has ≥ 1 customer codename label(s) ~feature fest Will be reviewed at next Feature Fest ~customer promise A feature request from a Fleet customer that Fleet has contractually agreed to deliver labels Dec 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
customer-hubble customer-numa customer-ufa
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@getvictor @dherder @noahtalerman @fleet-release @zayhanlon