
PKCS #10 Enrollment

Web-form-based PKCS #10 enrollment is the simplest enrollment option supported by SSH Tectia Certifier. However, it requires more manual work than SCEP and CMP. Most of the VPN end-entity applications and devices support this method if they do not include an SCEP client.

In this enrollment method, an end entity generates a key pair and writes a base-64-encoded (PEM-encoded) PKCS #10 certification request to a file. The PKCS #10 request is then pasted into the web form and submitted to the Web Enrollment Service. The Enrollment Service parses the request and forwards it to Certifier Engine, which performs the policy processing (ending in approval or denial). Shared secrets can be given in the web form to enable automatic user authentication; in that case, however, TLS has to be enabled to provide confidentiality. If the policy requires manual administrator approval, the user needs to download the certificate later, after it has been approved.

SSH Tectia Certifier offers a default HTML page, enroll-form-start.html, for submitting PKCS #10 requests.

Figure: PKCS #10 enrollment form

Several client applications generate a text file containing the PKCS #10 request after the key generation. The PKCS #10 request looks something like the following example:


When this string is pasted into the enrollment form and submitted, the request is processed in Engine. If Engine cannot automatically issue the certificate, a polling ID is given to the end entity. This ID can later be used for polling the issued certificate. The default polling page in the Web Enrollment Service is enroll-poll.html.
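A pasted request that is truncated or is not a PKCS #10 structure fails when the Enrollment Service parses it, so it helps to check the text before submitting. The following is an added example, not code from SSH Tectia Certifier: it checks the PEM armor, the base-64 body and the outer DER layout defined in RFC 2986, and does not verify the signature. The function names and the sample input are constructed for illustration.

```python
import base64
import re
# PEM armor of a PKCS #10 request; some clients write "NEW CERTIFICATE REQUEST".
ARMOR = re.compile(r"-----BEGIN ((?:NEW )?CERTIFICATE REQUEST)-----(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of data")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split the contents of a constructed value into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def check_pkcs10(text):
    """Return structural problems found in pasted text; [] means the shape is right."""
    if not (m := ARMOR.search(text)):
        return ["no CERTIFICATE REQUEST PEM armor"]
    try:
        der = base64.b64decode("".join(m.group(2).split()), validate=True)
        tag, body, end = read_tlv(der, 0)
        if tag != 0x30 or end != len(der):
            return ["outer element is not a single DER SEQUENCE"]
        top = children(body)
        if [t for t, _ in top] != [0x30, 0x30, 0x03]:
            return ["expected requestInfo, signatureAlgorithm, signature"]
        info = children(top[0][1])
        if [t for t, _ in info[:3]] != [0x02, 0x30, 0x30] or info[0][1] != b"\x00":
            return ["requestInfo must start with version 0, subject, public key"]
    except (ValueError, IndexError) as exc:
        return [f"not valid base64/DER: {exc}"]
    return []

def constructed_sample():
    """Constructed input: correct shape, dummy key and signature (not a usable request)."""
    seq = lambda *parts: bytes([0x30, sum(map(len, parts))]) + b"".join(parts)
    info = seq(b"\x02\x01\x00", seq(), seq(seq(), b"\x03\x01\x00"), b"\xa0\x00")
    b64 = base64.b64encode(seq(info, seq(), b"\x03\x03\x00\xaa\xbb")).decode()
    return f"-----BEGIN CERTIFICATE REQUEST-----\n{b64}\n-----END CERTIFICATE REQUEST-----\n"
```

Call check_pkcs10() on the contents of the file the client application wrote; an empty list means the text is ready to paste into the form.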
