Distinguish CSR filename created by scepclient #240

Open
MichalMMac opened this issue Jan 29, 2025 · 1 comment

@MichalMMac

Steps to create a problem:

  1. Use scepclient to get a new certificate (A). Specify path to the private key with -private-key "/path/private/A.key" and the certificate with -certificate "/path/cert/A.pem".
  2. CSR file csr.pem is automatically created in the directory where the private key is located - /path/private/csr.pem. csr.pem persists after scepclient exits.
  3. Use scepclient to get a second different certificate (B) with -private-key "/path/private/B.key". Path to the private key (B) has a different filename but the key file is located in the same directory as the first key (A). csr.pem is read from the filesystem without modification even though the command-line arguments (e.g. cert subject) are completely different when requesting (B).

Workarounds:

  • Make sure only one private key is present in the directory specified by -private-key
  • Make sure csr.pem is deleted after each time running scepclient. This is not a good enough solution in situations where there could be multiple scepclient instances running at the same time.

Possible solutions:

  • New optional -csr flag which would enable the admin to specify path to the csr file
  • Infer csr file name from the name of the private key ~ private-key-name_csr.pem
  • scepclient automatically cleans up csr.pem file (does not solve the race condition by itself)
@jessepeterson
Member

Ah, thank you for opening this! Yes, the scepclient workflow with how it handles the on-disk CSRs and such is a bit problematic. I've experienced headaches due to this. I'd like to take another look at that whole thing.

One of the original thoughts, I think, was that you could create your own CSR & private key without scepclient if you wanted, and just use scepclient to be the conduit between those files and the scep server. I'd like to hope to preserve that use case in whatever comes out.
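
One way to guard against the stale csr.pem reuse described in this issue while still allowing a CSR prepared outside scepclient, shown as an added example that is not code from scepclient or this thread: before reusing an on-disk CSR, verify that it was signed by the private key given for this run and that its subject matches the requested one. The function names `csrUsable` and `makeCSR` are hypothetical, and the ECDSA keys and the names "A" and "B" are constructed samples.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
)

// csrUsable (hypothetical) reports whether an on-disk CSR may be reused: it must
// be self-signed by signer's key and carry the common name requested this run.
func csrUsable(csrPEM []byte, signer crypto.Signer, wantCN string) bool {
	block, _ := pem.Decode(csrPEM)
	if block == nil {
		return false
	}
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil || csr.CheckSignature() != nil {
		return false
	}
	pub, ok := signer.Public().(interface{ Equal(crypto.PublicKey) bool })
	return ok && pub.Equal(csr.PublicKey) && csr.Subject.CommonName == wantCN
}

// makeCSR generates a constructed sample key and a PEM CSR for common name cn.
func makeCSR(cn string) (crypto.Signer, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	return key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der}), err
}

func main() {
	keyA, csrA, errA := makeCSR("A") // first run leaves this CSR on disk
	keyB, _, errB := makeCSR("B")    // second run uses a different key
	if errA != nil || errB != nil {
		panic("key or CSR generation failed")
	}
	fmt.Println(csrUsable(csrA, keyA, "A"), csrUsable(csrA, keyB, "B"))
}
```

A CSR that fails this check would be regenerated or rejected rather than sent to the SCEP server with a subject and key the operator did not ask for.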
