Chapter 15. Authentication for Enrolling Certificates
/etc/init.d/rhpki-ca restart
15.4.2. Testing CMCEnroll
1. Enable CMCEnroll.
2. Create a certificate request using the certutil tool.
3. Copy the PKCS #10 ASCII output to a text file.
4. Run the CMCEnroll utility.
For example, if the input file is called request34.txt, the agent certificate is stored in the
directory /var/lib/rhpki-ca/alias, the certificate common name of the agent certificate
is CertificateManagerAgentsCert, and the password for the certificate database is
1234pass, the command is as follows:
CMCEnroll -d "/var/lib/rhpki-ca/alias" -n "CertificateManagerAgentsCert" \
    -r /export/requests/request34.txt -p 1234pass
The output of this command is stored in a file with the same name as the input file, with .out
appended.
5. Submit the signed certificate through the end-entities page.
a. Open the end-entities page.
https://server.example.com:9443/ca/ee/ca
b. Select the CMC enrollment form from the list of certificate profiles.
c. Paste the content of the output file into the Certificate Request text area of this form.
d. Remove -----BEGIN NEW CERTIFICATE REQUEST----- and
-----END NEW CERTIFICATE REQUEST----- from the pasted content.
e. Fill in the contact information, and submit the form.
6. The certificate is immediately processed and returned.
7. Use the agent page to search for the new certificate.
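Step 5d can be done from the shell before pasting. The following is an added example, not part of the original guide: cmc_paste_body and cmc_demo are hypothetical helper names, and the sample input is constructed rather than real CMCEnroll output.

```shell
#!/bin/sh
# Added example: prepare CMCEnroll output for the CMC enrollment form (step 5d).
# cmc_paste_body and cmc_demo are hypothetical helper names.

# cmc_paste_body FILE
#   Prints the base64 body of FILE without the BEGIN/END marker lines.
#   Returns 1 if FILE is unreadable, 2 if no body remains,
#   3 if the body holds characters outside the base64 alphabet.
cmc_paste_body() {
    out_file=$1
    [ -r "$out_file" ] || { echo "cannot read: $out_file" >&2; return 1; }

    # Drop CRs, then the two marker lines, then stray blanks and empty lines.
    body=$(tr -d '\r' < "$out_file" |
        grep -v -E '^-+(BEGIN|END) NEW CERTIFICATE REQUEST-+$' |
        tr -d ' \t' | sed '/^$/d')

    [ -n "$body" ] || { echo "no request body in: $out_file" >&2; return 2; }

    # Anything else left over (wrong file, extra text) is caught here.
    if printf '%s\n' "$body" | grep -q '[^A-Za-z0-9+/=]'; then
        echo "non-base64 data in: $out_file" >&2
        return 3
    fi
    printf '%s\n' "$body"
}

# Constructed sample standing in for request34.txt.out; not real CMC data.
cmc_demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' \
        '-----BEGIN NEW CERTIFICATE REQUEST-----' \
        'TUlJQ2V4YW1wbGVib2R5' \
        'bGluZXR3bw==' \
        '-----END NEW CERTIFICATE REQUEST-----' > "$tmp"
    rc=0
    cmc_paste_body "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

cmc_demo
```

With the file names from step 4, the call would be cmc_paste_body /export/requests/request34.txt.out, and what it prints is what goes into the Certificate Request text area.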
15.5. Certificate-Based Enrollment
NOTE
This feature is supported only in legacy enrollment. Certificate System supports certificate-
based enrollment for browser certificates. End users can use preissued certificates to
authenticate to the server in order to enroll for certificates.