Testing Cmcenroll; Testing Enrollment - Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual

Chapter 9. Authentication for Enrolling Certificates
3. Restart the server.
service pki-ca restart

9.3.2. Testing CMCEnroll

1. Enable CMCEnroll.
2. Create a certificate request using the certutil tool.
3. Copy the PKCS #10 ASCII output to a text file.
4. Run the CMCEnroll utility.
For example, if the input file called request34.txt, the agent certificate is stored in the
directory /var/lib/pki-ca/alias, the certificate common name of the agent certificate is
CertificateManagerAgentsCert, and the password for the certificate database is secret,
the command is as follows:
CMCEnroll -d "/var/lib/pki-ca/alias" -n "CertificateManagerAgentsCert" -r /export/
requests/request34.txt -p secret
The output of this command is stored in a file with the same filename with .out appended to the
filename.
5. Submit the signed certificate through the end-entities page.
a. Open the end-entities page.
https://server.example.com:9444/ca/ee/ca
b. Select the CMC enrollment form from the list of certificate profiles.
c. Paste the content of the output file into the Certificate Request text area of this form.
d. Remove -----BEGIN NEW CERTIFICATE REQUEST----- and ----END NEW
CERTIFICATE REQUEST----- from the pasted content.
e. Fill in the contact information, and submit the form.
6. The certificate is immediately processed and returned.
7. Use the agent page to search for the new certificate.

9.4. Testing Enrollment

For information on testing enrollment through the profiles, see
Certificates. To test whether end users can successfully enroll for a certificate using the authentication
method set:
1. Open the end-entities page.
https://server.example.com:9444/ca/ee/ca
246
Chapter 2, Making Rules for Issuing