Replacing CA component of Boulder


#1

Has anybody successfully replaced the CA component of Boulder with a CA component from a different vendor? If I understand the documentation correctly, the communication within Boulder is done utilizing the CMP protocol, so it shouldn’t be a very big deal, but I haven’t found any documentation about this.

The background of my question is that we are already operating a CA and would like to offer ACME in the future as an automatic certificate management protocol for a server farm that is right now being manually provided with certificates coming from our CA.


#2

I’m not personally aware of anyone that has done this.

Boulder doesn’t implement the Certificate Management Protocol (CMP) that EJBCA and some other pieces of software use. Historically the components have talked to each other over a RabbitMQ broker, but we are gradually replacing that with gRPC. Boulder wasn’t written with the intention to make swapping out the components especially easy; I expect it would be a fair amount of work to replace the CA with an existing CA from another vendor.


#3

Thank you for the quick feedback.

With best regards,
Rufus Buschart

Siemens AG
Information Technology

mailto:rufus.buschart@siemens.com


