Re: [Pki-users] Autoenrollment with Dogtag
Hi Christoffer,
On Tue, 20 Jan 2009, Christoffer Strömblad wrote:
As part of a future project I will be implementing a PKI using
Dogtag. The company is interested in having autoenrollment
functionality for their Linux-desktops. From what I've read I seem
to find no indication that this functionality is provided.
Is there a way to have a computer/user to be automatically provided
with a certificate upon "notice" through SCEP? What options are
available?
I wouldn't know about SCEP but for my project I plan to use the CMCenroll
functionality.
You create a signed CMC request (signed by the certificate of an
enrollment agent) using for example CMCEnroll (command line utility),
ship that to the CA into the right certificate profile, and you get a
certificate in return.
I'm using intermediate software for the conversation with the CA though, I
don't know if this would fit your purpose.
Check the command line tools guide.
http://www.redhat.com.mt/docs/manuals/cert-system/
--
Jan