PreviousNextUp[Front page] [Index]


In the following example we first receive the CA certificate from the PKI interoperability site of SSH Communications Security.

$$ ssh-scepclient GET-CA \ 
   -o ca \

Received CA/RA certificate 
fingerprint 9b:96:51:bb:29:0d:c9:e0:75:c8:03:0d:0d:92:60:6c

Then we enroll an RSA certificate. The user is authenticated to the CA with the key ssh. The subject name and alternative IP address are given, as well as key-usage flags.

$$ ssh-scepclient ENROLL \
    -C -p ssh \
    -o subject -P generate://pkcs8:ssh@rsa:1024/subject \
    -s 'C=FI,O=SSH,CN=SCEP Example;IP=' \
    -u digitalsignature \

Received user certificate subject-0.crt: 
fingerprint 4b:7e:d7:67:27:5e:e0:54:2f:5b:56:69:b5:01:d2:15
$$ ls subject*
subject-0.crt   subject.prv

PreviousNextUp[Front page] [Index]