Certificate Enrollment with SSCEP

Endi S. Dewata edited this page Nov 3, 2021 · 10 revisions

Overview

This page describes the certificate enrollment process using SSCEP. See Building SSCEP.

It assumes the SCEP responder has been configured in the CA. See Configuring SCEP Responder.

Getting CA Certificate

To get the CA certificate:

$ sscep getca \
    -u http://pki.example.com:8080/ca/cgi-bin/pkiclient.exe \
    -c ca.crt

It will store the CA certificate in ca.crt.

Generate Certificate Request

To generate a certificate request, enter the client’s IP address and password:

$ /usr/bin/mkrequest -ip <IP address> <password>

It will generate a local.key and a local.csr.

See also mkrequest.

Enrolling Certificate

To enroll a certificate:

$ sscep enroll \
    -u http://pki.example.com:8080/ca/cgi-bin/pkiclient.exe \
    -c ca.crt \
    -k local.key \
    -r local.csr \
    -l local.crt \
    -E 3des \
    -S sha256

It will store the certificate in local.crt.
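
The getca step above downloads ca.crt over plain HTTP, so nothing on the wire authenticates it. The following script is an added example, not part of the original wiki page or the project's code: it compares ca.crt against a fingerprint obtained out of band, then confirms that local.crt was issued by that CA and matches local.key. It assumes the openssl command-line tool is installed; the script name, the function names and the fingerprint argument are hypothetical.

```shell
#!/bin/sh
# Added example: sanity checks around "sscep getca" and "sscep enroll".
# File names (ca.crt, local.key, local.crt) follow the page; the expected
# fingerprint is an assumption: get it from the CA administrator out of band.

# Print the SHA-256 fingerprint of a PEM certificate as bare uppercase hex.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed -e 's/^.*=//' -e 's/://g' | tr 'a-f' 'A-F'
}

# Succeed only if the certificate in $1 has fingerprint $2
# (colons and letter case in $2 are ignored).
check_ca_fp() {
    want=$(printf '%s' "$2" | sed 's/://g' | tr 'a-f' 'A-F')
    got=$(cert_fp "$1")
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Succeed only if certificate $2 was issued by CA certificate $1 and
# carries the public key that belongs to private key $3.
check_issued() {
    # -partial_chain lets the pinned ca.crt act as trust anchor even when
    # it is a subordinate CA rather than a self-signed root.
    openssl verify -partial_chain -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$3" -pubout 2>/dev/null)
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# Driver: sh check-enroll.sh <expected-ca-fingerprint>
# Run it after getca (before enroll) and again after enroll.
if [ "$#" -eq 1 ]; then
    check_ca_fp ca.crt "$1" || { echo "ca.crt: fingerprint mismatch" >&2; exit 1; }
    echo "ca.crt: fingerprint OK"
    if [ -f local.crt ]; then
        check_issued ca.crt local.crt local.key ||
            { echo "local.crt: not issued by ca.crt or wrong key" >&2; exit 1; }
        echo "local.crt: chains to ca.crt and matches local.key"
    fi
fi
```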
