From e7cfa31919e588d473510109392b35e4d690ac2e Mon Sep 17 00:00:00 2001 From: "B. Stack" Date: Fri, 13 Sep 2024 15:10:07 -0400 Subject: initial commit --- README.md | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 README.md (limited to 'README.md') diff --git a/README.md b/README.md new file mode 100644 index 0000000..dc2ebf5 --- /dev/null +++ b/README.md 
@@ -0,0 +1,32 @@ +# Overview + +[cepceslib](https://bgstack15.ddns.net/cgit/cepceslib) is a minimal POSIX shell and python library for using CEP/CES certificate enrollment from GNU/Linux in an Active Directory Certificate Services environment. + +# Alternatives +[cepces](https://github.com/openSUSE/cepces) is a much larger project, but works only with certmonger which is a complex project, and also avoids username auth. + +# Usage + +## Use CEP +The purpose of Certificate Enrollment Policy (CEP) is to list the user's available templates and enrollment endpoints. + +### Example CEP input + + $ CEPURL="https://ces.example.com/ADPolicyProvider_CEP_UsernamePassword/service.svc/CEP" CESUSER="sa839" CESPASSWORDFILE=~/.config/user1 ./cepceslib.sh use_cep + +### Example CEP output + + endpoints:https://ces.example.com/Example%20CA%20Name_CES_Kerberos/service.svc/CES,https://ces.example.com/Example%20CA%20Name_CES_UsernamePassword/service.svc/CES + SubCA + WebServer + +## Use CES +The purpose of Certificate Enrollment Service is to enroll certificates. + +### Example CES input +Save a WebServer certificate down to example.key and example.pem. Note that by default the CERTFILE will contain the entire certificate chain, with the root first and leaf last. + + CESURL="https://ces.example.com/Example%20CA%20Name_CES_UsernamePassword/service.svc/CES" KEYFILE=example.key CSRFILE=example.csr CESPASSWORDFILE=~/.config/user1 CESUSER=sa839 CERTFILE=example.pem TEMPLATE="WebServer" ./cepceslib.sh use_ces + +### Example CES output +None. The certificate chain is stored in `CERTFILE`, and the key is stored in `KEYFILE`. -- cgit
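Review bot: Under "Example CES input", the note that "by default the CERTFILE will contain the entire certificate chain, with the root first and leaf last" implies the behaviour can be changed, but the README names no variable or option that does so. Please document that setting next to the example, since root-first is the reverse of the leaf-first order TLS server configurations commonly expect, and a reader who points a server at example.pem will need to know how to get the other order or the leaf alone. Both examples also pass `CESPASSWORDFILE=~/.config/user1`, and the CES example writes a private key to `KEYFILE`; a sentence on the expected format of the password file and on the permissions both files should have would help. Smaller points: the "Alternatives" sentence "and also avoids username auth" is ambiguous about whether cepces lacks username/password authentication, and the CEP example line starts with a `$ ` prompt while the CES example does not.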