Certificate Enrollment with SSCEP

Endi S. Dewata edited this page Jan 20, 2023 · 3 revisions

Overview

This page describes the certificate enrollment process using a locally installed SSCEP client.

Installing SSCEP

$ dnf copr enable @pki/sscep
$ dnf install sscep

Getting CA Certificate

To get the CA certificate:

$ sscep getca \
    -u http://pki.example.com:8080/ca/cgi-bin/pkiclient.exe \
    -c ca.crt

It will store the CA certificate in ca.crt. To inspect the CA certificate:

$ openssl x509 -text -noout -in ca.crt

Generating Certificate Request

To generate a certificate request, enter the client’s IP address and password:

$ mkrequest -ip <IP address> <password>

It will store the key in local.key and the certificate request in local.csr. To inspect the certificate request:

$ openssl req -text -noout -in local.csr

Enrolling Certificate

To enroll a certificate:

$ sscep enroll \
    -u http://pki.example.com:8080/ca/cgi-bin/pkiclient.exe \
    -c ca.crt \
    -k local.key \
    -r local.csr \
    -l local.crt \
    -E 3des \
    -S sha256

It will store the certificate in local.crt. To inspect the certificate:

$ openssl x509 -text -noout -in local.crt
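
The getca step above fetches ca.crt over plain HTTP, so the file should be compared with a fingerprint obtained out of band before sscep enroll relies on it, and the issued local.crt should be checked against both ca.crt and local.key. The shell functions below are an added example, not part of the original page or of SSCEP; the function names and the pinned fingerprint supplied by the CA administrator are assumptions.

```shell
#!/bin/sh
# Added example: integrity checks on the files produced by the steps above.
# Function names are hypothetical; the pinned fingerprint must come from the
# CA administrator over a separate, trusted channel.

# Print the SHA-256 fingerprint of a PEM certificate as uppercase hex, no colons.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed -e 's/^.*=//' -e 's/://g'
}

# check_ca_pin <ca.crt> <pinned fingerprint>
# Succeeds only if the certificate matches the pinned SHA-256 fingerprint.
# Colons, spaces and letter case in the pinned value are ignored.
check_ca_pin() {
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    got=$(cert_fp "$1")
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# check_issued_cert <ca.crt> <local.key> <local.crt>
# Succeeds only if the issued certificate was signed by the pinned CA and
# carries the public key that belongs to the local private key.
check_issued_cert() {
    ca_file=$1
    key_file=$2
    crt_file=$3
    # -partial_chain makes the pinned CA certificate the trust anchor even
    # when it is a subordinate CA rather than a self-signed root.
    openssl verify -partial_chain -CAfile "$ca_file" "$crt_file" \
        >/dev/null 2>&1 || return 1
    key_pub=$(openssl pkey -in "$key_file" -pubout 2>/dev/null)
    crt_pub=$(openssl x509 -in "$crt_file" -noout -pubkey 2>/dev/null)
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}
```

Run check_ca_pin ca.crt "<pinned fingerprint>" after getca and before enroll, and check_issued_cert ca.crt local.key local.crt after enroll; stop if either returns non-zero.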