Hello everyone,

I have a requirement to provide a service to our internal Linux systems to allow them to self-register and receive a certificate representing the host itself and then a cert representing any application on that host. I have installed DogTag, it's up and running and seems to be working.

I'd like to be able to use REST to request a certificate and have it auto-signed. I know that DogTag has a REST interface and while the interface is documented, there are no examples where I can see how it would actually be used to post a CSR, fetch a cert, etc.

Normally, I'd just sniff a request made with getcert, but as I'm using just DogTag as a standalone install and not as a part of FreeIPA, getcert has no knowledge of my local DogTag CA:

[root@dogtag lib]# getcert list-cas
CA 'SelfSign':
        is-default: no
        ca-type: INTERNAL:SELF
        next-serial-number: 01
CA 'IPA':
        is-default: no
        ca-type: EXTERNAL
        helper-location: /usr/libexec/certmonger/ipa-submit
CA 'certmaster':
        is-default: no
        ca-type: EXTERNAL
        helper-location: /usr/libexec/certmonger/certmaster-submit
CA 'dogtag-ipa-renew-agent':
        is-default: no
        ca-type: EXTERNAL
        helper-location: /usr/libexec/certmonger/dogtag-ipa-renew-agent-submit
CA 'local':
        is-default: no
        ca-type: EXTERNAL
        helper-location: /usr/libexec/certmonger/local-submit


So... how do I make it aware? I'm using Fedora 21, so I'm at certmonger-0.76.8-1.fc21 and don't have access to the add-ca subtask. It looks like I'd edit files in /var/lib/certmonger/cas, but I'm not sure what to add.

I apologize in advance for the pedestrian questions. I have read the docs and the getting started guide, and while they provide examples for self-signed certs and for using FreeIPA, I don't see much info on using getcert with DogTag as a standalone product. I'd also like to explore using SCEP for requesting certs from our MS PKI. Is there a guide or info on setting up certmonger/getcert to hit a SCEP URL?

Thanks for your continued work on DogTag and certmonger. They ROCK and will solve big problems for my client if I can just get them to work the way I need them to.

--steve