Install SCEP certificate on Linux
Configuring SCEP certificate on a Linux machine
- Install the certificate manager package
apt install certmonger
- Add the foxpass server certificate to the filesystem
openssl s_client -showcerts -connect https://api.foxpass.com </dev/null | sed -n -e '/-.BEGIN/,/-.END/ p' > /etc/ssl/api_foxpass_com.crt
- Add the client CA certificate to the filesystem
/usr/lib/certmonger/scep-submit -u https://api.foxpass.com -R /etc/ssl/api_foxpass_com.crt -C > /etc/ssl/api_foxpass_com_ca.crt
- Tell certmonger about the certificate
getcert add-scep-ca -c foxpass -u https://api.foxpass.com -R /etc/ssl/api_foxpass_com.crt -N /etc/ssl/api_foxpass_com_ca.crt
- Create the private key and request the signed certificate using a PIN you choose
getcert request -k <private key file> -f <public key file> -c foxpass -N $(hostname) -E <EMAIL> -w -L <Challenge Phrase> -m 600 -P <PIN>
- Add the SSID to the network (Optional - can be entered manually via GUI)
nmcli c add type wifi ifname <wifi NIC> con-name '<Name>'\
802-11-wireless.ssid '<SSID>' \
802-11-wireless-security.key-mgmt wpa-eap \
802-1x.eap tls \
802-1x.identity '<' \
802-1x.ca-cert /etc/ssl/api_foxpass_com_ca.crt \
802-1x.client-cert <public key file> \
802-1x.private-key <private key file> \
802-1x.private-key-password <PIN>
Updated 5 months ago