Your browser does not allow storing cookies. We recommend enabling them.

PreviousNextUp[Front page] [Index]

PKCS #10 Enrollment

Web-form-based PKCS #10 enrollment is the simplest enrollment option supported by SSH Tectia Certifier. However, it requires more manual work than SCEP and CMP. Most of the VPN end-entity applications and devices support this method if they do not include an SCEP client.

In this enrollment method an end entity generates a key pair and a base-64-encoded (PEM-encoded) PKCS #10 certification request in a file. The PKCS #10 request is then pasted in the web form and submitted to the Web Enrollment Service. The Enrollment Service then parses the request and forwards it to Certifier Engine, which performs the policy processing (ending in approval or denial). Shared secrets can be given in the web form to enable automatic user authentication, in that case, however, TLS has to be enabled to provide confidentiality. If the policy requires manual administrator approval, the user needs to download the certificate later after it has been approved.

SSH Tectia Certifier offers a default HTML page enroll-form-start.html for PKCS #10 submitting.

Figure : PKCS #10 enrollment form

Several client applications generate a text file containing the PKCS #10 request after the key generation. The PKCS #10 request looks something like the following example:


When this string is pasted to the enrollment form and submitted, a request will be processed in Engine. If Engine cannot automatically issue the certificate, a polling ID is given to the end entity. This id can later be used for polling the issued certificate. The default polling page in the Web Enrollment Service is enroll-poll.html.

PreviousNextUp[Front page] [Index]

Want to see how PrivX can help your organisation?

Are you a DEVELOPER accessing cloud hosts, are you a IT ADMIN managing access & credentials in your corporation, are you BUSINESS MANAGER and want to save money or are you responsible of IT SECURITY in DevOps