How to do Linux PKI certificate auto-enrollment from Active Directory CA?

Solution Verified - Updated -

Issue

  • How to do Linux PKI certificate auto-enrollment from Active Directory CA?
  • How to configure 802.1x client certificate automatically from Active Directory cert server?
  • Get dot1x machine certificate from AD CS automatically
  • Windows AD computers can request and obtain a certificate automatically without admin intervention. Is there a way to do this on a Red Hat workstation that is a member of an AD domain (joined via realmd), in a way that could be automated with a script? The machine has a valid keytab issued by AD under /etc/krb5.keytab. An IdM/FreeIPA server offers this with the ipa-getcert command.

Environment

  • Red Hat Enterprise Linux
  • Active Directory environment
  • Linux clients joined to the domain with the realm command and managed by SSSD
