Skip to content
/ mysqlscepserver Public
forked from jessepeterson/mysqlscepserver

A small, slightly opinionated SQL-backed SCEP server written in Go.

License

MIT license
0 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

alwatts/mysqlscepserver

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
.github/workflows
.github/workflows
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
depot.go
depot.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 
schema.sql
schema.sql
 
 

Repository files navigation

mysqlscepserver

mysqlscepserver is a small, slightly opinionated SCEP server. It uses a MySQL backend for the CA's storage. mysqlscepserver is largely based on the MicroMDM SCEP server.

Usage:

Either download a release, or build from source (below). Once you have the binary, go ahead and run it:

MySQL setup and configuration is out of scope for this documentation. But suffice it to say you need a database to connect to with the tables in the schema.sql file.

$ ./mysqlscepserver-darwin-amd64 
must supply DSN, CA pass, and API key
Usage of ./mysqlscepserver-darwin-amd64:
  -api string
    	API key for challenge API endpoints
  -capass string
    	passwd for the ca.key
  -challenge string
    	static challenge password (disables dynamic challenges
  -debug
    	enable debug logging
  -dsn string
    	SQL data source name (connection string)
  -listen string
    	port to listen on (default ":8080")
  -version
    	print version and exit

As the error states, we need to specify a MySQL DSN, CA password, and an API key:

$ ./mysqlscepserver-darwin-amd64 -dsn 'scepuser:scepsecret@tcp(127.0.0.1:3306)/scepdb' -capass casecret -api apisecret
level=info ts=2021-05-29T19:01:00.755984Z caller=main.go:102 transport=http listen=:8080 msg=listening

The DSN is in the form that the MySQL driver expects.

Environment variables can be used instead of command line switches as follows:

Environment Variable Equivalent Switch
SCEP_API_KEY -api
SCEP_CA_PASS -capass
SCEP_CHALLENGE_PASSWORD -challenge
SCEP_LOG_DEBUG -debug
SCEP_DSN -dsn
SCEP_HTTP_LISTEN -listen

Challenge API

If a static challenge is not specified on the command line then the server uses to SCEP challenges to authenticate SCEP requests. The server has an API for generating one-time-use SCEP challanges:

$ curl -u api:apisecret http://localhost:8080/challenge && echo
{
	"challenge": "7nA8+ljk0EwHNcXCADFOCJQ4D/G9xOY9"
}

This challenge can then be used by a SCEP client to authenticate their SCEP request.

Building

Have the Go tools installed, checkout the code, then run make:

$ make
GOOS=darwin GOARCH=amd64 go build -ldflags "-X main.version=v0.1.0" -o mysqlscepserver-darwin-amd64 ./

Docker build and run

make docker
docker build . --tag jessepeterson/mysqlscepserver:latest
docker run -it --rm -p 8080:8080 jessepeterson/mysqlscepserver:latest -dsn 'scepuser:scepsecret@tcp(127.0.0.1:3306)/scepdb' -capass casecret -api apisecret

About

A small, slightly opinionated SQL-backed SCEP server written in Go.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Go 91.9%
  • Makefile 7.0%
  • Dockerfile 1.1%