forked from certnanny/sscep
Certificate Enrollment with SSCEP Container
Endi S. Dewata edited this page Jan 20, 2023 · 2 revisions
This page describes the certificate enrollment process using SSCEP running in a container.
To start the client container:
$ podman run \
    --name client \
    --hostname client.example.com \
    --network example \
    --network-alias client.example.com \
    -it \
    --detach \
    quay.io/dogtagpki/sscep
To get the CA certificate:
$ podman exec client sscep getca \
    -u http://pki.example.com:8080/ca/cgi-bin/pkiclient.exe \
    -c ca.crt
It will store the CA certificate in ca.crt. To inspect the CA certificate:
$ podman exec client openssl x509 -text -noout -in ca.crt
To generate a certificate request, enter the client’s IP address and password:
$ podman exec client mkrequest -ip <IP address> <password>
It will store the key in local.key and the certificate request in local.csr. To inspect the certificate request:
$ podman exec client openssl req -text -noout -in local.csr
To enroll a certificate:
$ podman exec client sscep enroll \
    -u http://pki.example.com:8080/ca/cgi-bin/pkiclient.exe \
    -c ca.crt \
    -k local.key \
    -r local.csr \
    -l local.crt \
    -E 3des \
    -S sha256
It will store the certificate in local.crt. To inspect the certificate:
$ podman exec client openssl x509 -text -noout -in local.crt
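The getca step above fetches ca.crt over plain HTTP, so the file is not authenticated until its fingerprint is compared with a value obtained from the CA operator out of band. The script below is an added example, not part of the original page or the SSCEP project: it pins ca.crt to that fingerprint and, once local.crt exists, checks that it chains to the CA and carries the public key of local.key. The script name, the function names, and the assumptions that ca.crt is a single self-signed CA certificate and local.key is unencrypted are this example's own.

```shell
#!/bin/sh
# Added example: checks for the files produced by the steps above.
# Assumes ca.crt is a single self-signed CA certificate and local.key is unencrypted.

# Strip any "label=" prefix, colons and spaces; uppercase the hex digits.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# Normalized SHA-256 fingerprint of a PEM certificate.
cert_fp() {
    normalize_fp "$(openssl x509 -noout -fingerprint -sha256 -in "$1")"
}

# $1 = CA certificate, $2 = fingerprint obtained out of band from the CA operator.
check_ca_pin() {
    actual=$(cert_fp "$1")
    [ -n "$actual" ] && [ "$actual" = "$(normalize_fp "$2")" ]
}

# $1 = CA certificate, $2 = private key, $3 = issued certificate.
# Passes only if the certificate chains to the CA and carries our public key.
check_issued_cert() {
    openssl verify -CAfile "$1" "$3" >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -noout -pubkey -in "$3" 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Usage: sh check-enrollment.sh <expected CA SHA-256 fingerprint>
# Run after getca (pin check) and again after enroll (adds the certificate check).
if [ "$#" -eq 1 ]; then
    check_ca_pin ca.crt "$1" || { echo "ca.crt does not match the pinned fingerprint" >&2; exit 1; }
    if [ -f local.crt ]; then
        check_issued_cert ca.crt local.key local.crt || { echo "local.crt failed verification" >&2; exit 1; }
    fi
    echo "OK"
fi
```

Run it in the directory that holds ca.crt, local.key and local.crt, for example inside the client container.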