[Pki-users] Autoenrollment with Dogtag
Jan Meijer
Jan.Meijer at uninett.no
Wed Feb 4 10:25:55 UTC 2009
Hi Christoffer,
On Tue, 20 Jan 2009, Christoffer Strömblad wrote:
> As part of a future project I will be implementing a PKI using
> Dogtag. The company is interested in having autoenrollment
> functionality for their Linux-desktops. From what I've read I seem
> to find no indication that this functionality is provided.
>
> Is there a way to have a computer/user to be automatically provided
> with a certificate upon "notice" through SCEP? What options are
> available?
I wouldn't know about SCEP but for my project I plan to use the CMCenroll
functionality.
You create a signed CMC request (signed by the certificate of an
enrollment agent) using for example CMCEnroll (command line utility),
ship that to the CA into the right certificate profile, and you get a
certificate in return.
I'm using intermediate software for the conversation with the CA though, I
don't know if this would fit your purpose.
Check the command line tools guide.
http://www.redhat.com.mt/docs/manuals/cert-system/
--
Jan
More information about the Pki-users
mailing list