|[Front page] [Index]|
In the following example we first receive the CA certificate from the PKI interoperability site of SSH Communications Security.
$$ ssh-scepclient GET-CA \ -o ca http://pki.ssh.com:8080/scep/ \ test-ca1.ssh.com Received CA/RA certificate ca-0.ca: fingerprint 9b:96:51:bb:29:0d:c9:e0:75:c8:03:0d:0d:92:60:6c
Then we enroll an RSA certificate. The user is authenticated to the CA with the key
ssh. The subject name and alternative IP address are given, as well as key-usage flags.
$$ ssh-scepclient ENROLL \ -C ca-0.ca -p ssh \ -o subject -P generate://pkcs8:ssh@rsa:1024/subject \ -s 'C=FI,O=SSH,CN=SCEP Example;IP=126.96.36.199' \ -u digitalsignature \ http://pki.ssh.com:8080/scep/ Received user certificate subject-0.crt: fingerprint 4b:7e:d7:67:27:5e:e0:54:2f:5b:56:69:b5:01:d2:15 $$ ls subject* subject-0.crt subject.prv
[Front page] [Index]