diff options
author | B. Stack <bgstack15@gmail.com> | 2024-09-13 15:10:07 -0400 |
---|---|---|
committer | B. Stack <bgstack15@gmail.com> | 2024-09-13 15:10:07 -0400 |
commit | e7cfa31919e588d473510109392b35e4d690ac2e (patch) | |
tree | 740ae3097b8c2fa2680e349c95fa04f7f1d24c4c /README.md | |
download | cepceslib-e7cfa31919e588d473510109392b35e4d690ac2e.tar.gz cepceslib-e7cfa31919e588d473510109392b35e4d690ac2e.tar.bz2 cepceslib-e7cfa31919e588d473510109392b35e4d690ac2e.zip |
initial commit
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/README.md b/README.md new file mode 100644 index 0000000..dc2ebf5 --- /dev/null +++ b/README.md @@ -0,0 +1,32 @@ +# Overview + +[cepceslib](https://bgstack15.ddns.net/cgit/cepceslib) is a minimal POSIX shell and python library for using CEP/CES certificate enrollment from GNU/Linux in an Active Directory Certificate Services environment. + +# Alternatives +[cepces](https://github.com/openSUSE/cepces) is a much larger project, but works only with certmonger which is a complex project, and also avoids username auth. + +# Usage + +## Use CEP +The purpose of Certificate Enrollment Policy (CEP) is to list the user's available templates and enrollment endpoints. + +### Example CEP input + + $ CEPURL="https://ces.example.com/ADPolicyProvider_CEP_UsernamePassword/service.svc/CEP" CESUSER="sa839" CESPASSWORDFILE=~/.config/user1 ./cepceslib.sh use_cep + +### Example CEP output + + endpoints:https://ces.example.com/Example%20CA%20Name_CES_Kerberos/service.svc/CES,https://ces.example.com/Example%20CA%20Name_CES_UsernamePassword/service.svc/CES + SubCA + WebServer + +## Use CES +The purpose of Certificate Enrollment Service is to enroll certificates. + +### Example CES input +Save a WebServer certificate down to example.key and example.pem. Note that by default the CERTFILE will contain the entire certificate chain, with the root first and leaf last. + + CESURL="https://ces.example.com/Example%20CA%20Name_CES_UsernamePassword/service.svc/CES" KEYFILE=example.key CSRFILE=example.csr CESPASSWORDFILE=~/.config/user1 CESUSER=sa839 CERTFILE=example.pem TEMPLATE="WebServer" ./cepceslib.sh use_ces + +### Example CES output +None. The certificate chain is stored in `CERTFILE`, and the key is stored in `KEYFILE`. |