blob: e8168b86fc192443009c68e6690fee3fabbb6ad0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
# Overview
[cepceslib](https://bgstack15.ddns.net/cgit/cepceslib) is a minimal POSIX shell and python library for using CEP/CES certificate enrollment from GNU/Linux in an Active Directory Certificate Services environment.
# Alternatives
[cepces](https://github.com/openSUSE/cepces) is a much larger project, but works only with certmonger which is a complex project, and also avoids username auth.
# Usage
## Use CEP
The purpose of Certificate Enrollment Policy (CEP) is to list the user's available templates and enrollment endpoints.
### Example CEP input
$ CEPURL="https://ces.example.com/ADPolicyProvider_CEP_UsernamePassword/service.svc/CEP" CESUSER="sa839" CESPASSWORDFILE=~/.config/user1 ./cepceslib.sh use_cep
### Example CEP output
endpoints:https://ces.example.com/Example%20CA%20Name_CES_Kerberos/service.svc/CES,https://ces.example.com/Example%20CA%20Name_CES_UsernamePassword/service.svc/CES
SubCA
WebServer
## Use CES
The purpose of Certificate Enrollment Service is to enroll certificates.
### Example CES input
Save a WebServer certificate down to example.key and example.pem. Note that by default the CERTFILE will contain the entire certificate chain, with the root first and leaf last.
CESURL="https://ces.example.com/Example%20CA%20Name_CES_UsernamePassword/service.svc/CES" KEYFILE=example.key CSRFILE=example.csr CESPASSWORDFILE=~/.config/user1 CESUSER=sa839 CERTFILE=example.pem TEMPLATE="WebServer" CN="example1.example.com" SANS="san1.example.com,san2.example.com" ./cepceslib.sh use_ces
### Example CES output
None. The certificate chain is stored in `CERTFILE`, and the key is stored in `KEYFILE`.
|