[rs-commit] r527 - /rs-interop/trunk/src/site/xhtml5/scep/index.xhtml5
rs-commit at redwax.eu
Sun Sep 14 13:55:31 CEST 2025
Author: minfrin at redwax.eu
Date: Sun Sep 14 13:55:30 2025
New Revision: 527
Log:
Add an example of certmonger integration.
Modified:
rs-interop/trunk/src/site/xhtml5/scep/index.xhtml5
Modified: rs-interop/trunk/src/site/xhtml5/scep/index.xhtml5
==============================================================================
--- rs-interop/trunk/src/site/xhtml5/scep/index.xhtml5 (original)
+++ rs-interop/trunk/src/site/xhtml5/scep/index.xhtml5 Sun Sep 14 13:55:30 2025
@@ -346,6 +346,110 @@
</div>
</div>
</section>
+ <section class="wrapper style1 align-center" id="routeros">
+ <div class="inner">
+ <h2>SCEP with Certmonger</h2>
+ <p>
+ The <a href="https://pagure.io/certmonger">Certmonger</a> certificate management
+ daemon supports a SCEP client, and can request certificates from a Redwax
+ Server. Certmonger is supported in many Linux distributions.
+ </p>
+ <div class="index align-left">
+ <section>
+ <header>
+ <h3>SCEP over HTTP</h3>
+ </header>
+ <div class="content">
+ <p>
+ Add a SCEP definition and specify where the CA's certificate is to be
+ saved as follows.
+ </p>
+ <pre>
+<code><![CDATA[root at linux ~]# getcert add-scep-ca --ca=redwax-interop \
+ --url=http://interop.redwax.eu/test/provider/scep
+New CA "redwax-interop" added.
+[root at linux ~]# getcert request --ca=redwax-interop \
+ --keyfile=/etc/pki/tls/private/test-certificate.key \
+ --certfile=/etc/pki/tls/certs/test-certificate.pem \
+ --key-usage=dataEncipherment \
+ --key-usage=digitalSignature ]
+ --extended-key-usage=id-kp-clientAuth
+New signing request "20250914102543" added.
+[root at linux ~]# getcert list
+Number of certificates and requests being tracked: 1.
+Request ID '20250914102543':
+ status: MONITORING
+ stuck: no
+ key pair storage: type=FILE,location='/etc/pki/tls/private/test-certificate.key'
+ certificate: type=FILE,location='/etc/pki/tls/certs/test-certificate.pem'
+ signing request thumbprint (MD5): A5D9C7FD DB51FC05 E096DDE1 1B31E6F3
+ signing request thumbprint (SHA1): F6EEF60A FBF22909 699C1666 3A332E8D 79D24338
+ CA: redwax-interop
+ issuer: O=Redwax Project,CN=Redwax Interop Testing Root Certificate Authority 2040
+ subject: CN=linux.local
+ issued: 2025-09-13 11:28:52 BST
+ expires: 2025-09-15 11:28:52 BST
+ key usage: digitalSignature,nonRepudiation,keyEncipherment
+ eku: id-kp-clientAuth
+ pre-save command:
+ post-save command:
+ track: yes
+ auto-renew: yes
+]]></code>
+ </pre>
+ </div>
+ </section>
+ </div>
+ <div class="index align-left">
+ <section>
+ <header>
+ <h3>SCEP over HTTPS</h3>
+ </header>
+ <div class="content">
+ <p>
+ When the SCEP server is hosted on a secure server, the CA certificate
+ for the SCEP server must be provided for the connection to be trusted.
+ This mustn't be confused with the CA certificate that will sign the
+ certificate to be received in the other direction.
+ </p>
+ <pre>
+<code><![CDATA[root at linux ~]# getcert add-scep-ca --ca=redwax-interop-secure \
+ --url=https://interop.redwax.eu/test/provider/scep \
+ --ca-cert=/etc/pki/tls/certs/ca-bundle.crt
+New CA "redwax-interop-secure" added.
+[root at linux ~]# getcert request --ca=redwax-interop-secure \
+ --keyfile=/etc/pki/tls/private/test-certificate-secure.key \
+ --certfile=/etc/pki/tls/certs/test-certificate-secure.pem \
+ --key-usage=dataEncipherment --key-usage=digitalSignature \
+ --extended-key-usage=id-kp-clientAuth
+New signing request "20250914105556" added.
+[root at linux ~]# getcert list
+Number of certificates and requests being tracked: 1.
+Request ID '20250914105556':
+ status: MONITORING
+ stuck: no
+ key pair storage: type=FILE,location='/etc/pki/tls/private/test-certificate-secure.key'
+ certificate: type=FILE,location='/etc/pki/tls/certs/test-certificate-secure.pem'
+ signing request thumbprint (MD5): 4A2180D8 C65A38FB 43120F65 AB3FC3F5
+ signing request thumbprint (SHA1): 2B78ABFF 0A224BD0 6B574EBA E156FF64 75D18A56
+ CA: redwax-interop-secure
+ issuer: O=Redwax Project,CN=Redwax Interop Testing Root Certificate Authority 2040
+ subject: CN=linux.local
+ issued: 2025-09-13 12:09:59 BST
+ expires: 2025-09-15 12:09:59 BST
+ key usage: digitalSignature,nonRepudiation,keyEncipherment
+ eku: id-kp-clientAuth
+ pre-save command:
+ post-save command:
+ track: yes
+ auto-renew: yes
+]]></code>
+ </pre>
+ </div>
+ </section>
+ </div>
+ </div>
+ </section>
</div>
</body>
</html>
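Review bot: In the "SCEP over HTTP" example, the `getcert request` command has a broken line continuation: `--key-usage=digitalSignature ]` ends in `]` where the other lines end in `\`. Pasted as written, the command stops there with a stray `]` argument, and `--extended-key-usage=id-kp-clientAuth` is run as a separate line. Change the `]` to `\`, as the HTTPS example does. Other points in the same hunk: the first prompt in each `<![CDATA[` block is missing its opening bracket (`root at linux ~]#` where the later prompts read `[root at linux ~]#`), because the CDATA opener's `[` is standing in for it. The new section carries `id="routeros"` although its heading is "SCEP with Certmonger"; an id that matches the content, for example `id="certmonger"`, would avoid a clash with any existing RouterOS section and give the anchor a sensible name. The HTTP paragraph says the command will "specify where the CA's certificate is to be saved", but neither `add-scep-ca` nor `request` in that example passes an option that does so; either add the option or reword the sentence. Finally, both requests ask for `dataEncipherment` and `digitalSignature`, while the `getcert list` output shows `key usage: digitalSignature,nonRepudiation,keyEncipherment`; a sentence explaining that the issued key usage differs from the requested one would keep readers from treating it as a failure on their side.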