author: B. Stack <bgstack15@gmail.com> 2024-09-13 15:10:07 -0400
committer: B. Stack <bgstack15@gmail.com> 2024-09-13 15:10:07 -0400
commit: e7cfa31919e588d473510109392b35e4d690ac2e
tree: 740ae3097b8c2fa2680e349c95fa04f7f1d24c4c /README.md
initial commit
Diffstat (limited to 'README.md')
-rw-r--r-- README.md 32
1 files changed, 32 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..dc2ebf5
--- /dev/null
+++ b/README.md
@@ -0,0 +1,32 @@
+# Overview
+
+[cepceslib](https://bgstack15.ddns.net/cgit/cepceslib) is a minimal POSIX shell and python library for using CEP/CES certificate enrollment from GNU/Linux in an Active Directory Certificate Services environment.
+
+# Alternatives
+[cepces](https://github.com/openSUSE/cepces) is a much larger project, but works only with certmonger which is a complex project, and also avoids username auth.
+
+# Usage
+
+## Use CEP
+The purpose of Certificate Enrollment Policy (CEP) is to list the user's available templates and enrollment endpoints.
+
+### Example CEP input
+
+ $ CEPURL="https://ces.example.com/ADPolicyProvider_CEP_UsernamePassword/service.svc/CEP" CESUSER="sa839" CESPASSWORDFILE=~/.config/user1 ./cepceslib.sh use_cep
+
+### Example CEP output
+
+ endpoints:https://ces.example.com/Example%20CA%20Name_CES_Kerberos/service.svc/CES,https://ces.example.com/Example%20CA%20Name_CES_UsernamePassword/service.svc/CES
+ SubCA
+ WebServer
+
+## Use CES
+The purpose of Certificate Enrollment Service is to enroll certificates.
+
+### Example CES input
+Save a WebServer certificate down to example.key and example.pem. Note that by default the CERTFILE will contain the entire certificate chain, with the root first and leaf last.
+
+ CESURL="https://ces.example.com/Example%20CA%20Name_CES_UsernamePassword/service.svc/CES" KEYFILE=example.key CSRFILE=example.csr CESPASSWORDFILE=~/.config/user1 CESUSER=sa839 CERTFILE=example.pem TEMPLATE="WebServer" ./cepceslib.sh use_ces
+
+### Example CES output
+None. The certificate chain is stored in `CERTFILE`, and the key is stored in `KEYFILE`.
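Review bot: The CES example states "by default the CERTFILE will contain the entire certificate chain, with the root first and leaf last", but the README never names the setting that changes that default, so a reader who needs a leaf-first or leaf-only file cannot get one from this text; name the variable and its accepted values next to that sentence. The Usage section also does not say what CESPASSWORDFILE must contain or what file permissions it and KEYFILE should carry, which is worth one sentence each since both hold secrets. Minor: the CES command line lacks the "$ " prompt used in the CEP example, and "Certificate Enrollment Service" is not given its (CES) abbreviation the way CEP is under "Use CEP".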