[Pki-users] No SCEP Enrollment option in the SSL End Users Services page
Marc Sauton
msauton at redhat.com
Mon Apr 20 20:31:18 UTC 2009
Fortunato wrote:
> Hello list,
>
> I don't know exactly where the differences are between Dogtag 1.1.0 and the documentation (currently 7.3)
Dogtag 1.1.0 is the open source development project of the released
commercial product RHCS 7.3.
One way to get an idea of the changes, is to go through the archive lists:
https://www.redhat.com/mailman/private/pki-commits/
> , but under SSL End Users Services there's no SCEP Enrollment option.
In the RA's "SSL End Users Services" page, there should be a "SCEP
Enrollment" link, url looks like this:
https://<fqdn:port>/ee/index.cgi (default port 12899)
Also by default, a CA EE enrollment pages and "List Certificate
Profiles" will list the caRouterCert and caRARouterCert profiles.
**
> Am I missing an option/config?
Should not, seem quite strange if you do not see those.
> pki-ra 1.1.0 is installed.
>
ok, so you want to use SCEP with a RA.
> There are what appear to be 3 tabs: Enrollment, Revocation and Retrieval - under the ca pkiconsole.
>
Those are for SSL sub system certificates.
> Do any of the listed Certificate Profiles match to what the manual refers to as SCEP Enrollment and the Request Submission - Manager?
>
The Request Submission is to get the one time pin for the device.
The SCEP Enrollment page shows the link to configure on the device.
Those 2 are listed in the "EE" pages of the RA instance.
See the profiles like in the directory
/var/lib/rhpki-<ca-instance-id>/profiles/ca/caRA*
Specially caRARouterCert profile on the CA instance (caRouterCert s for
CA mode).
Some pointers:
http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Registration_Authority-Working_With_the_Registration_Authority.html
http://pki.fedoraproject.org/wiki/PKI_SCEP_Support_In_Certificate_System
http://pki.fedoraproject.org/wiki/PKI_Cisco_Routers_%28IOS%29
> Regards,
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
>
More information about the Pki-users
mailing list