8.3. Using CMC Enrollment
CMCRevoke command line tool. For more information about CMCRevoke, see Section 6.2, “Performing a CMC Revocation”.
HttpClient to post the request to the appropriate profile. The CMCRequest tool generates a signed certificate request which can then be submitted using the HttpClient tool or the browser end-entities forms to enroll and receive the certificate automatically and immediately.
CMCRequest tool has a simple command syntax, with all the configuration given in the
CMCEnroll tool, with the following syntax:
CMCEnroll -d /agent's/certificate/directory -h password -n cert_nickname -r certrequest.file -p certDB_passwd [-c "comment"]
8.3.1. Testing CMCEnroll
- Create a certificate request using the
- Copy the PKCS #10 ASCII output to a text file.
- Run the CMCEnroll utility. For example, if the input file is called request34.txt, the agent certificate is stored in the browser databases, the certificate common name of the agent certificate is CertificateManagerAgentsCert, and the password for the certificate database is secret, the command is as follows:
  CMCEnroll -d ~jsmith/.mozilla/firefox/1234.jsmith -n "CertificateManagerAgentsCert" -r /export/requests/request34.txt -p secret
  The output of this command is stored in a file with the same filename with .out appended to the filename.
- Submit the signed certificate through the end-entities page.
- Open the end-entities page.
- Select the CMC enrollment form from the list of certificate profiles.
- Paste the content of the output file into the Certificate Request text area of this form.
-----BEGIN NEW CERTIFICATE REQUEST----- and ----END NEW CERTIFICATE REQUEST----- from the pasted content.
- Fill in the contact information, and submit the form.
- The certificate is immediately processed and returned.
- Use the agent page to search for the new certificate.
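A pre-submission check for the paste step above, as an added example that is not part of Certificate System or of the original page: it removes the marker lines from the CMCEnroll .out file and confirms that what remains is base64 that decodes to a signed request. The function name prepare_cmc_request is hypothetical, and the check assumes the output is a CMC full request, that is, a CMS ContentInfo of type signedData as defined in RFC 5272.

```shell
#!/bin/sh
# Added example, not Certificate System code. Prints the body of a CMCEnroll
# .out file with the marker lines removed, ready to paste into the form.
# Assumption: the body is a base64 CMC full request, i.e. a CMS ContentInfo
# whose content type is signedData (1.2.840.113549.1.7.2, RFC 5272).
SIGNED_DATA_OID_HEX=06092a864886f70d010702   # DER encoding of that OID

prepare_cmc_request() (
    file=$1
    [ -r "$file" ] || { echo "cannot read: $file" >&2; exit 2; }
    # Drop CRs, blank lines and the BEGIN/END marker lines. The page shows
    # the END marker with four leading dashes, so 4 or 5 are accepted.
    body=$(tr -d '\r' < "$file" |
        grep -Ev '^(-{4,5}(BEGIN|END) NEW CERTIFICATE REQUEST-{5})?[[:space:]]*$' || true)
    [ -n "$body" ] || { echo "no request data in $file" >&2; exit 3; }
    # Anything left that is not base64 (a stray marker, a comment line)
    # does not belong in the request text area, so fail here instead.
    if printf '%s\n' "$body" | grep -Evq '^[A-Za-z0-9+/]+={0,2}$'; then
        echo "non-base64 line left in request body" >&2; exit 4
    fi
    # Decode and inspect the DER header: SEQUENCE tag 0x30, a length field
    # of 1 to 5 bytes, then the signedData OID (17 bytes at most in total).
    head_hex=$(printf '%s\n' "$body" | base64 -d 2>/dev/null |
        od -An -v -tx1 -N17 | tr -d ' \n')
    case $head_hex in
        30*"$SIGNED_DATA_OID_HEX"*) printf '%s\n' "$body" ;;
        *) echo "not a CMS SignedData request" >&2; exit 5 ;;
    esac
)
```

Run as `prepare_cmc_request /export/requests/request34.txt.out`; a non-zero exit status means the file should not be pasted as it stands, for example because the unsigned PKCS #10 request was picked up instead of the CMCEnroll output.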