This page describes the process to use SSCEP. It assumes that the SCEP service has been setup.
$ dnf install sscep
Getting CA Certificate
$ sscep getca -u http://$HOSTNAME:8080/ca/cgi-bin/pkiclient.exe -c ca.crt
It will store the CA certificate in ca.crt.
Enter the client's IP address and password:
$ /usr/bin/mkrequest -ip <IP address> <password>
It will generate local.key and local.csr.
$ sscep enroll -u http://$HOSTNAME:8080/ca/cgi-bin/pkiclient.exe -c ca.crt -k local.key -r local.csr -l cert.crt
It will store the CA certificate in cert.crt.