PKCS #10 Enrollment
Web-form-based PKCS #10 enrollment is the simplest enrollment option supported by SSH Tectia Certifier. However, it requires more manual work than SCEP and CMP. Most of the VPN end-entity applications and devices support this method if they do not include an SCEP client.
In this enrollment method, an end entity generates a key pair and a base-64-encoded (PEM-encoded) PKCS #10 certification request in a file. The PKCS #10 request is then pasted into the web form and submitted to the Web Enrollment Service. The Enrollment Service parses the request and forwards it to Certifier Engine, which performs the policy processing (ending in approval or denial). Shared secrets can be given in the web form to enable automatic user authentication; in that case, however, TLS has to be enabled to provide confidentiality. If the policy requires manual administrator approval, the user needs to download the certificate later, after it has been approved.
-----BEGIN CERTIFICATE REQUEST-----
MIIBwjCCASsCAQAwYjEQMA4GA1UEBhMHRmlubGFuZDEoMCYGA1UEChMfU1NIIENvbW11bmljYXR
pb25zIFNlY3VyaXR5IEx0ZDENMAsGA1UECxMEVGVjaDEVMBMGA1UEAxMMMTkyLjE2OC4yLjQ2MI
GdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC3RCZScukV5VacEv7t2dlbCNaFUI8c+WkqQZOBH
l88eYPSjImxK4sF/6siNT5596X/LTSbImlLta56K3FbsYDmOuR6OFT6TVgi909z2jIcgn0c3JjR
enn87thTu9ZXYJApt6+/ENSC0PtXcwwXvbNEn79D29o90Szgk8w+/dRZxQIBJaAiMCAGCSqGSIb
3DQEJDjETMBEwDwYDVR0RBAgwBocEwKgCLjANBgkqhkiG9w0BAQQFAAOBgQBsjd4qSie3Iycqff
OI7uMHziZgHX0MMugVzJArlgtmM/Z7E8jeoB2v8ghLLEqFMvLLx+1vDkGgaJM52OZkC6VBT1YJg
XRVOpeJEI8B21yATN/yI/2H6tEzodODQ1IZuFtkNvgI2I9JWKNAXUkpxAoi2ot4tPqzMOrPe4qu
A1m7Nw==
-----END CERTIFICATE REQUEST-----
When this string is pasted into the enrollment form and submitted, a request will be processed in Engine. If Engine cannot automatically issue the certificate, a polling ID is given to the end entity. This ID can later be used for polling the issued certificate. The default polling page in the Web Enrollment Service is
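A structural check that an end entity or operator can run on a request before pasting it into the form, applied here to the sample request shown above. This is an added example, not code from SSH Tectia Certifier: `pem_to_der`, `tlv`, `inspect_request` and the `WEAK_SIG` deny-list are hypothetical names, and the check does not verify the request's signature.

```python
import base64, re

# The sample request from this page, one base64 line per row.
PAGE_REQUEST = """-----BEGIN CERTIFICATE REQUEST-----
MIIBwjCCASsCAQAwYjEQMA4GA1UEBhMHRmlubGFuZDEoMCYGA1UEChMfU1NIIENvbW11bmljYXR
pb25zIFNlY3VyaXR5IEx0ZDENMAsGA1UECxMEVGVjaDEVMBMGA1UEAxMMMTkyLjE2OC4yLjQ2MI
GdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC3RCZScukV5VacEv7t2dlbCNaFUI8c+WkqQZOBH
l88eYPSjImxK4sF/6siNT5596X/LTSbImlLta56K3FbsYDmOuR6OFT6TVgi909z2jIcgn0c3JjR
enn87thTu9ZXYJApt6+/ENSC0PtXcwwXvbNEn79D29o90Szgk8w+/dRZxQIBJaAiMCAGCSqGSIb
3DQEJDjETMBEwDwYDVR0RBAgwBocEwKgCLjANBgkqhkiG9w0BAQQFAAOBgQBsjd4qSie3Iycqff
OI7uMHziZgHX0MMugVzJArlgtmM/Z7E8jeoB2v8ghLLEqFMvLLx+1vDkGgaJM52OZkC6VBT1YJg
XRVOpeJEI8B21yATN/yI/2H6tEzodODQ1IZuFtkNvgI2I9JWKNAXUkpxAoi2ot4tPqzMOrPe4qu
A1m7Nw==
-----END CERTIFICATE REQUEST-----"""

# DER-encoded signature OIDs built on broken hashes (illustrative deny-list).
WEAK_SIG = {bytes.fromhex("2a864886f70d010104"): "md5WithRSAEncryption",
            bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption"}

def pem_to_der(text):
    """Drop the PEM armor and all whitespace, then base64-decode strictly."""
    m = re.search(r"-----BEGIN CERTIFICATE REQUEST-----(.*?)"
                  r"-----END CERTIFICATE REQUEST-----", text, re.S)
    if not m:
        raise ValueError("no PKCS #10 PEM block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def inspect_request(text):
    """Structural check of a PKCS #10 request; does not verify the signature."""
    der = pem_to_der(text)
    tag, start, end = tlv(der, 0)                # CertificationRequest
    if tag != 0x30 or end != len(der):
        raise ValueError("not exactly one DER SEQUENCE")
    _, info_start, info_end = tlv(der, start)    # certificationRequestInfo
    _, vs, ve = tlv(der, info_start)             # version INTEGER (0 = v1)
    _, alg_start, _ = tlv(der, info_end)         # signatureAlgorithm
    _, oid_start, oid_end = tlv(der, alg_start)  # its algorithm OID
    return {"der_len": len(der), "version": int.from_bytes(der[vs:ve], "big"),
            "weak_sig": WEAK_SIG.get(der[oid_start:oid_end])}
```

For the sample request, `inspect_request(PAGE_REQUEST)` reports version 0 and flags the signature algorithm as md5WithRSAEncryption; a request that lost a line in copy and paste is rejected as truncated.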