From Dogtag
Jump to: navigation, search


This page describes the process to use SSCEP. It assumes that the SCEP service has been setup.


$ dnf install sscep

SCEP Operations

Getting CA Certificate

$ sscep getca -u http://$HOSTNAME:8080/ca/cgi-bin/pkiclient.exe -c ca.crt

It will store the CA certificate in ca.crt.

Generate Request

Enter the client's IP address and password:

$ /usr/bin/mkrequest -ip <IP address> <password>

It will generate local.key and local.csr.

Enrolling Certificate

$ sscep enroll -u http://$HOSTNAME:8080/ca/cgi-bin/pkiclient.exe -c ca.crt -k local.key -r local.csr -l cert.crt

It will store the CA certificate in cert.crt.