Hi Dusan,

I am not familiar with SCEP but let me try answering your question.

The wiki page we have is: https://www.dogtagpki.org/wiki/SCEP_Setup
The RHCS doc we have is: https://access.redhat.com/documentation/en-us/red_hat_certificate_system/9/html/administration_guide/enrolling_a_certificate_in_a_cisco_router

IIUC, if you want to use FQDN you need to add entries to DNS to map FQDN to IP address.

For other types of authentication, maybe you can read the RHCS doc:
https://access.redhat.com/documentation/en-us/red_hat_certificate_system/9/html/administration_guide/automated_enrollment#Setting_up_Directory_Based_Authentication

HTH!

Regards,
--Dinesh


On Tue, Aug 18, 2020 at 6:56 AM Dusan Kozic <dusan.kozic@gmail.com> wrote:
Good day!

I am testing Dogtag CA with a Cisco IOS client using the One Time Pin RouterCertificate Enrollment Certificate Profile. For authentication I am using auth.instance_id=flatFileAuth. This works OK in the documented scenario where entries in flatfile.txt are like this:

UID:<IP_address>
PWD:<password>

I have a question whether it is possible to change authentication parameters in flatfile.txt to authenticate routers using other parameters than IP address, e.g. FQDN or some user-provided parameters.

If not, I am interested if this is possible if I change Authentication Manager to DirBasedAuthentication.

Please provide me some documentation and examples about FlatFileAuth and DirBasedAuthentication.

Thank you!

--
Kind regards,

Dusan Kozic

_______________________________________________
Pki-users mailing list
Pki-users@redhat.com
https://www.redhat.com/mailman/listinfo/pki-users