Open Source PKI

From Dogtag

Contents

Overview

This page describes the process to use SSCEP. It assumes that the SCEP service has been setup.

Installation

$ dnf install sscep

SCEP Operations

Getting CA Certificate

$ sscep getca -u http://$HOSTNAME:8080/ca/cgi-bin/pkiclient.exe -c ca.crt

It will store the CA certificate in ca.crt.

Generate Request

Enter the client's IP address and password:

$ /usr/bin/mkrequest -ip <IP address> <password>

It will generate local.key and local.csr.

Enrolling Certificate

$ sscep enroll -u http://$HOSTNAME:8080/ca/cgi-bin/pkiclient.exe -c ca.crt -k local.key -r local.csr -l cert.crt

It will store the CA certificate in cert.crt.

References