How to request a certificate over the network using the certutil command?
-
Saturday, February 25, 2012 5:04 AM
Hi everyone
I need to request a certificate from a Windows Enterprise CA over the network from a Linux client. I need a similar service to "certificate auto-enrollment (available for Windows clients)" for some of my Linux clients. Using the certificate web enrollment is not an option since it includes user activity. I am thinking of using the certutil command to make a script to minimise the user intervention.
Can the certutil command be used to achieve this goal? Does somebody know a better way of doing this?
Thank you
All Replies
-
Saturday, February 25, 2012 10:03 AM
No. Certutil is never used for any operations with certificate requests. Probably, you are referring to certreq.exe?
certreq -submit -?
My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference: on TechNet wiki
- Proposed As Answer by Ondrej Sevecek MVP Saturday, February 25, 2012 2:42 PM
- Marked As Answer by Rick Tan Moderator Monday, February 27, 2012 7:14 AM
-
Monday, February 27, 2012 2:04 AM
Hi,
Certutil command in Linux platform can be used to create certificate requests. Since my goal is creating a certificate for the clients in Linux platform I will be using this command for requesting certificates,
eg: certutil -R -s "CN=John Smith, O=Netscape, L=Mountain View, ST=California, C=US" -p "650-555-8888" -o mycert.req -d certdir
reference: http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html#1028731
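Added example (not part of the original posts): run from a script, the NSS certutil -R command quoted above normally stops to ask for the database password and for keyboard input to seed key generation, so an unattended wrapper has to supply both from files. The function name make_request and the file names db.pw and noise.bin are assumptions; submitting the resulting request to the CA is not shown.

```shell
#!/bin/sh
# Unattended PKCS#10 request generation with NSS certutil (added example).
# Assumed names, not from the thread: make_request, db.pw, noise.bin.

# make_request <nss-db-dir> <subject-dn> <output.req>
# The body runs in a subshell so the umask change does not leak to the caller.
make_request() (
    dbdir=$1 subject=$2 out=$3
    umask 077                       # key database and password file: owner only
    mkdir -p "$dbdir" || exit 1
    pwfile="$dbdir/db.pw"
    noise="$dbdir/noise.bin"

    # A password file (-f) replaces the interactive database password prompt.
    if [ ! -s "$pwfile" ]; then
        { head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'; echo; } \
            > "$pwfile" || exit 1
    fi

    # Create the database on first use only (cert9.db: SQL format, cert8.db: legacy).
    if [ ! -f "$dbdir/cert9.db" ] && [ ! -f "$dbdir/cert8.db" ]; then
        certutil -N -d "$dbdir" -f "$pwfile" || exit 1
    fi

    # A noise file (-z) replaces the "type random keys" seeding prompt.
    head -c 2048 /dev/urandom > "$noise" || exit 1
    raw="$out.tmp"
    if ! certutil -R -s "$subject" -k rsa -g 2048 -a \
            -d "$dbdir" -f "$pwfile" -z "$noise" -o "$raw"; then
        rm -f "$noise" "$raw"
        exit 1
    fi
    rm -f "$noise"

    # With -a, certutil writes descriptive text before the base64 block;
    # keep only the BEGIN..END section so the CA side gets a clean request.
    sed -n '/^-----BEGIN/,/^-----END/p' "$raw" > "$out"
    rm -f "$raw"
    grep -q '^-----BEGIN' "$out"
)

# Usage (constructed subject): make_request certdir "CN=host1.example.test" mycert.req
```

The private key stays in the NSS database under the given directory, so the password file next to it needs the same protection as the key itself.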
-
Monday, February 27, 2012 5:07 AM
On Mon, 27 Feb 2012 02:04:09 +0000, musclecar77 wrote:
Hi,
Certutil command in Linux platform can be used to create certificate requests. Since my goal is creating a certificate for the clients in Linux platform I will be using this command for requesting certificates,
eg: certutil -R -s "CN=John Smith, O=Netscape, L=Mountain View, ST=California, C=US" -p "650-555-8888" -o mycert.req -d certdir
reference: http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html#1028731
Vadims thought that you were referring to the Windows certutil (as did I).
If you need support with the Linux version, you'll need to post to a forum appropriate to your distro.
Paul Adare
MVP - Forefront Identity Manager
http://www.identit.ca
Don't let the computer bugs bite!
- Proposed As Answer by Vadims Podans MVP Monday, February 27, 2012 6:13 AM
- Marked As Answer by Rick Tan Moderator Monday, February 27, 2012 7:14 AM
-
Monday, February 27, 2012 6:01 PM
Many Linux dists already support using SCEP to enroll/request certificates from an online CA. Using SCEP together with the NDES feature of ADCS you can provide your Linux client with the ability to request and handle certificates from a Windows Enterprise CA in Active Directory.
Read more about Network Device Enrollment NDES:
http://technet.microsoft.com/en-us/library/cc753784(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc772393(v=ws.10).aspx
/Hasain

