PKCS #10 Enrollment

Web-form-based PKCS #10 enrollment is the simplest enrollment option supported by SSH Tectia Certifier, but it requires more manual work than SCEP and CMP. Most VPN end-entity applications and devices that do not include an SCEP client support this method.

In this enrollment method the end entity generates a key pair and writes a base64-encoded (PEM-encoded) PKCS #10 certification request to a file. The request is then pasted into the web form and submitted to the Web Enrollment Service, which parses it and forwards it to Certifier Engine for policy processing (ending in approval or denial). A shared secret can be entered in the web form to authenticate the user automatically; in that case TLS must be enabled on the Web Enrollment Service, because the secret would otherwise be sent in clear text. If the policy requires manual administrator approval, the user downloads the certificate later, after it has been approved.

SSH Tectia Certifier provides a default HTML page, enroll-form-start.html, for submitting PKCS #10 requests.

Figure : PKCS #10 enrollment form

Several client applications write the PKCS #10 request to a text file after generating the key pair. The PKCS #10 request looks something like the following example:


When this string is pasted into the enrollment form and submitted, the request is processed by Certifier Engine. If Engine cannot issue the certificate automatically, the end entity is given a polling ID, which can later be used to poll for the issued certificate. The default polling page in the Web Enrollment Service is enroll-poll.html.
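The following script is an added example and is not code from SSH Tectia Certifier or its documentation. It shows the two halves of the flow described above: on the end-entity side, generating a key pair and the PEM-encoded PKCS #10 request that gets pasted into the form (here with the openssl CLI, which is one common client path); on the service side, the checks a parser applies to a pasted request before policy processing, namely that the text is a PEM CERTIFICATE REQUEST block and that the request's self-signature verifies against the public key it carries. It also constructs a corrupted request to show the rejection path. The subject name vpn-gw.example.com is a constructed example; the script assumes the openssl CLI (1.1.1 or 3.x) is on PATH.

```shell
#!/bin/sh
# Added example, not SSH Tectia Certifier's own code: the end-entity side
# (key pair + PEM-encoded PKCS #10 request) and the checks an enrollment
# service runs on a pasted request before handing it to policy processing.
# Assumes the openssl CLI (1.1.1 or 3.x) is on PATH; the subject name is a
# constructed example.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# End entity: generate an RSA-2048 key pair and a PKCS #10 request for it.
# The request is signed with the new private key; that self-signature is the
# proof of possession the enrollment service verifies.
make_request() {
    subject="$1"
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -keyout "$WORK/key.pem" -out "$WORK/req.pem" \
        -subj "$subject" >/dev/null 2>&1
    printf '%s\n' "$WORK/req.pem"
}

# Service check 1: the pasted text must be a PEM block of type
# CERTIFICATE REQUEST (the older NEW CERTIFICATE REQUEST label is also accepted).
is_pem_request() {
    grep -qE '^-----BEGIN (NEW )?CERTIFICATE REQUEST-----$' "$1" &&
    grep -qE '^-----END (NEW )?CERTIFICATE REQUEST-----$' "$1"
}

# Service check 2: parse the DER and verify the self-signature against the
# public key embedded in the request. The exit status of "openssl req -verify"
# is not reliable across versions (1.1.1 exits 0 on failure), so the result is
# taken from the "verify OK" message instead.
verify_request() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# Service check 3: the subject name the policy engine will evaluate.
request_subject() {
    openssl req -in "$1" -noout -subject
}

# Constructed failure case: flip one base64 character in the fifth body line.
# For an RSA-2048 request that lands inside the public-key modulus, so the
# structure still parses but the self-signature no longer verifies, which is
# what a corrupted paste, or a request for a key the submitter does not hold,
# looks like to the service.
corrupt_request() {
    awk 'NR == 5 {
             c = substr($0, 10, 1)
             r = (c == "A") ? "B" : "A"
             $0 = substr($0, 1, 9) r substr($0, 11)
         }
         { print }' "$1" > "$1.bad"
    printf '%s\n' "$1.bad"
}

demo() {
    req=$(make_request "/CN=vpn-gw.example.com")
    is_pem_request "$req" && echo "PEM markers: OK"
    verify_request "$req" && echo "self-signature: OK"
    request_subject "$req"
    bad=$(corrupt_request "$req")
    if verify_request "$bad"; then
        echo "corrupted request: UNEXPECTEDLY VERIFIED"
    else
        echo "corrupted request: rejected"
    fi
}

demo
```

The self-signature check only proves that whoever built the request holds the private key matching the public key inside it; it says nothing about whether that party is entitled to the subject name it asks for. That is why the page pairs this enrollment method with a shared secret (over TLS) or manual administrator approval before the certificate is issued.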

