Does anyone know of a project / product that has standardized how to access/download X.509/SSL certificates over HTTP? I have seen RFC 4387 but haven't found anyone who implements it. Basically, I am trying to set up a key server for an internal application.
So short of implementing my own, does anyone have any suggestions?
That is the only "standard" for an HTTP-accessible certificate repository, but I've never seen it implemented. Most CAs that provide an HTTP repository do not use a standard, machine-accessible interface. For example, Verisign provides a certificate repository for certificates it issues to US government employees, and makes it accessible through a form-based web application.
For a machine interface, "everyone" uses LDAP. More importantly, while LDAP-enabled clients are common, I've never seen a client application that supported an HTTP interface. What do you plan to do with an HTTP repository?