Your browser does not allow this site to store cookies and other data. Some functionality on this site may not work without them. See Privacy Policy for details on how we would use cookies.

PreviousNextUp[Front page] [Index]


In the following example we first receive the CA certificate from the PKI interoperability site of SSH Communications Security.

$$ ssh-scepclient GET-CA \ 
   -o ca \

Received CA/RA certificate 
fingerprint 9b:96:51:bb:29:0d:c9:e0:75:c8:03:0d:0d:92:60:6c

Then we enroll an RSA certificate. The user is authenticated to the CA with the key ssh. The subject name and alternative IP address are given, as well as key-usage flags.

$$ ssh-scepclient ENROLL \
    -C -p ssh \
    -o subject -P generate://pkcs8:ssh@rsa:1024/subject \
    -s 'C=FI,O=SSH,CN=SCEP Example;IP=' \
    -u digitalsignature \

Received user certificate subject-0.crt: 
fingerprint 4b:7e:d7:67:27:5e:e0:54:2f:5b:56:69:b5:01:d2:15
$$ ls subject*
subject-0.crt   subject.prv

PreviousNextUp[Front page] [Index]