Configuring SCEP
Endi S. Dewata edited this page Jul 12, 2021 · 5 revisions
This page describes how to configure SCEP in the CA.
The SCEP service uses the caRouterCert profile stored in /var/lib/pki/pki-tomcat/ca/profiles/ca/caRouterCert.cfg:
auth.instance_id=flatFileAuth
Disable deferOnFailure in /var/lib/pki/pki-tomcat/ca/conf/CS.cfg:
auths.instance.flatFileAuth.deferOnFailure=false
Enable SCEP in /var/lib/pki/pki-tomcat/ca/conf/CS.cfg:
ca.scep.enable=true
To test unmodified SSCEP, enable DES and MD5:
ca.scep.allowedEncryptionAlgorithms=DES,DES3
ca.scep.allowedHashAlgorithms=MD5,SHA1,SHA256,SHA512
Edit /var/lib/pki/pki-tomcat/ca/conf/flatfile.txt to enter the client’s IP address and password:
UID:<IP address>
PWD:<password>

UID:<IP address>
PWD:<password>

...
Then restart the server:
$ systemctl restart pki-tomcatd@pki-tomcat.service
The SCEP service can be accessed at http://server.example.com:8080/ca/cgi-bin/pkiclient.exe.
Validate with SSCEP.
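The script below is an added example, not part of the original page or of the PKI project. It reads a CS.cfg file and reports whether the SCEP settings from the steps above are in place and whether the DES and MD5 values enabled for the SSCEP test are still allowed. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the SCEP-related CS.cfg keys named on this page.

# Print the value of key $2 in properties file $1 (last assignment wins).
cfg_get() {
    awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# Succeed if the comma-separated list $1 contains item $2 exactly (so DES3 is not DES).
list_has() {
    printf '%s\n' "$1" | tr ',' '\n' | tr -d ' ' | grep -qix "$2"
}

# Audit CS.cfg at $1: print one finding per line, return 1 if anything was found.
# Keys that are absent fall back to server defaults, which are not evaluated here.
audit_scep() {
    cfg=$1
    found=0
    if [ "$(cfg_get "$cfg" ca.scep.enable)" != true ]; then
        echo "CONF ca.scep.enable is not true"
        found=1
    fi
    if [ "$(cfg_get "$cfg" auths.instance.flatFileAuth.deferOnFailure)" != false ]; then
        echo "CONF auths.instance.flatFileAuth.deferOnFailure is not false"
        found=1
    fi
    if list_has "$(cfg_get "$cfg" ca.scep.allowedEncryptionAlgorithms)" DES; then
        echo "WEAK ca.scep.allowedEncryptionAlgorithms permits DES"
        found=1
    fi
    if list_has "$(cfg_get "$cfg" ca.scep.allowedHashAlgorithms)" MD5; then
        echo "WEAK ca.scep.allowedHashAlgorithms permits MD5"
        found=1
    fi
    return "$found"
}

# Constructed sample: the SSCEP test configuration from this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ca.scep.enable=true
auths.instance.flatFileAuth.deferOnFailure=false
ca.scep.allowedEncryptionAlgorithms=DES,DES3
ca.scep.allowedHashAlgorithms=MD5,SHA1,SHA256,SHA512
EOF
audit_scep "$sample" || echo "findings reported for sample"
rm -f "$sample"
```

On a CA host, call `audit_scep /var/lib/pki/pki-tomcat/ca/conf/CS.cfg` after the SSCEP test to confirm that DES and MD5 have been removed from the allowed lists.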