
CEP/CES enrollment with UsernamePassword auth from Linux to ADCS

If you have GNU/Linux clients that need to use CEP/CES with UsernamePassword auth (because Kerberos is unavailable for bad reasons), you can use my new project, cepceslib.

It's not better than using proper Kerberos auth, but it serves a niche my users came across.

Read the readme, but the basic usage is:

CESURL="https://ces.example.com/Example%20CA%20Name_CES_UsernamePassword/service.svc/CES" KEYFILE=example.key CSRFILE=example.csr CESPASSWORDFILE=~/.config/user1 CESUSER=sa839 CERTFILE=example.pem TEMPLATE="WebServer" CN="example1.example.com" SANS="san1.example.com,san2.example.com" ./cepceslib.sh use_ces

This generates the private key and requests the certificate from the CA, writing them to the files named by KEYFILE and CERTFILE.
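The invocation above leaves a plaintext service-account password in CESPASSWORDFILE and trusts the CA to return the right certificate for the key it generated, so a practitioner usually wraps it with a few checks. The script below is an added example, not part of cepceslib: it refuses to run if the password file is readable by anyone but its owner, builds a key and CSR carrying the CN and SANs with openssl (assumed 1.1.1 or newer for `-addext`), confirms every requested SAN made it into the CSR before it is sent, and after enrollment confirms the returned certificate's public key matches the private key. Because it has no CES server to talk to, a self-signed certificate from the same key stands in for the CA-issued CERTFILE in the demo; the file names and the CN and SAN values are the ones from the command line above.

```shell
#!/bin/sh
# Added example (not cepceslib code): pre-flight and post-enrollment checks
# around a CES UsernamePassword enrollment. Needs only sh, coreutils, openssl.
set -eu

# CESPASSWORDFILE holds a plaintext service-account password; accept it only
# when no one but the owner can read it (mode 600 or 400).
check_password_file() {
  file="$1"
  [ -f "$file" ] || return 1
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  case "$mode" in
    600|400) return 0 ;;
    *) return 1 ;;
  esac
}

# Turn the comma-separated SANS value from the command line into the
# subjectAltName syntax openssl expects: "a,b" -> "DNS:a,DNS:b".
sans_to_ext() {
  printf '%s' "$1" | sed 's/,/,DNS:/g; s/^/DNS:/'
}

# Generate a fresh RSA key (0600) and a CSR with the CN and SANs requested.
make_csr() {
  keyfile="$1"; csrfile="$2"; cn="$3"; sans="$4"
  openssl req -new -newkey rsa:2048 -nodes -keyout "$keyfile" -out "$csrfile" \
    -subj "/CN=${cn}" -addext "subjectAltName=$(sans_to_ext "$sans")" 2>/dev/null
  chmod 600 "$keyfile"
}

# Before sending the CSR to the CA, verify every requested SAN is present.
csr_has_sans() {
  text=$(openssl req -in "$1" -noout -text)
  for name in $(printf '%s' "$2" | tr ',' ' '); do
    printf '%s\n' "$text" | grep -qF "DNS:${name}" || return 1
  done
}

# After enrollment, confirm the issued certificate belongs to our private key
# by comparing the PEM public keys derived from each.
cert_matches_key() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

main() {
  work=$(mktemp -d)
  # Constructed stand-in for ~/.config/user1; the value is not a real password.
  printf 'not-a-real-password\n' > "$work/user1"
  chmod 600 "$work/user1"
  check_password_file "$work/user1" || { echo "password file is too open" >&2; exit 1; }

  make_csr "$work/example.key" "$work/example.csr" \
    example1.example.com "san1.example.com,san2.example.com"
  csr_has_sans "$work/example.csr" "san1.example.com,san2.example.com" \
    || { echo "CSR is missing a requested SAN" >&2; exit 1; }

  # In the real flow ./cepceslib.sh use_ces runs here and writes CERTFILE.
  # Offline, a self-signed cert from the same key stands in for the CA's output.
  openssl x509 -req -in "$work/example.csr" -signkey "$work/example.key" \
    -days 1 -out "$work/example.pem" 2>/dev/null

  if cert_matches_key "$work/example.pem" "$work/example.key"; then
    echo "issued certificate matches the private key"
  else
    echo "issued certificate does NOT match the private key" >&2; exit 1
  fi
  rm -rf "$work"
}

main "$@"
```

Run it before and after the use_ces call with your own KEYFILE, CSRFILE, CERTFILE and CESPASSWORDFILE values; the SAN check catches a CSR built from a mistyped SANS list before the CA issues anything, and the key-match check catches a certificate file that was overwritten by an earlier run or a different request.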

This newer tech was much easier to use, even with the hidden magic values the XML needs, than my crusty certreq. I'm very proud of certreq, and it served my needs then, but with the modern way of disposing of old (and presumably insecure) tech, I got to write a new client, and it was way smaller and easier!
