Install SCEP certificate on Linux

Configuring SCEP certificate on a Linux machine

  1. Install the certificate manager package
    apt install certmonger
  2. Add the Foxpass server certificate to the filesystem
    openssl s_client -showcerts -connect api.foxpass.com:443 </dev/null | sed -n -e '/-.BEGIN/,/-.END/ p' > /etc/ssl/api_foxpass_com.crt
  3. Add the client CA certificate to the filesystem
    /usr/lib/certmonger/scep-submit -u https://api.foxpass.com -R /etc/ssl/api_foxpass_com.crt -C > /etc/ssl/api_foxpass_com_ca.crt
  4. Tell certmonger about the certificate
    getcert add-scep-ca -c foxpass -u https://api.foxpass.com -R /etc/ssl/api_foxpass_com.crt -N /etc/ssl/api_foxpass_com_ca.crt
  5. Create the private key and request the signed certificate using a PIN you choose
    getcert request -k <private key file> -f <public key file> -c foxpass -N $(hostname) -E <EMAIL> -w -L <Challenge Phrase> -m 600 -P <PIN>
  6. Add the SSID to the network (optional; it can also be entered manually via the GUI)
    nmcli c add type wifi ifname <wifi NIC> con-name '<Name>' \
      802-11-wireless.ssid '<SSID>' \
      802-11-wireless-security.key-mgmt wpa-eap \
      802-1x.eap tls \
      802-1x.identity '<identity>' \
      802-1x.ca-cert /etc/ssl/api_foxpass_com_ca.crt \
      802-1x.client-cert <public key file> \
      802-1x.private-key <private key file> \
      802-1x.private-key-password <PIN>
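
Before pointing NetworkManager at the files, it is worth confirming that the certificate issued in step 5 chains to the CA bundle from step 3, that the private key belongs to it, and that the key is readable only by its owner. The script below is an added example, not part of the original guide; the function names and the KEY_PIN environment variable (used so the PIN does not appear on a command line) are assumptions of this example.

```shell
#!/bin/sh
# Added example: post-enrollment checks for the files from steps 3 and 5.
# Function names and the KEY_PIN variable are assumptions of this example.

# Succeeds if the client certificate chains to the CA bundle and is
# inside its validity period.
cert_chains_to_ca() {   # $1 = CA bundle, $2 = client certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds if the private key belongs to the certificate. The PIN is read
# from the KEY_PIN environment variable instead of a command-line argument.
key_matches_cert() {    # $1 = client certificate, $2 = private key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(KEY_PIN="${KEY_PIN:-}" openssl pkey -in "$2" \
        -passin env:KEY_PIN -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if only the owner can access the key file (mode 600 or 400).
key_is_private() {      # $1 = private key
    mode=$(stat -c %a "$1" 2>/dev/null) || return 1
    [ "$mode" = 600 ] || [ "$mode" = 400 ]
}

# Runs all three checks and reports every failure, not just the first.
verify_enrollment() {   # $1 = CA bundle, $2 = client cert, $3 = private key
    rc=0
    cert_chains_to_ca "$1" "$2" || { echo "FAIL: certificate does not chain to $1" >&2; rc=1; }
    key_matches_cert "$2" "$3"  || { echo "FAIL: private key does not match certificate" >&2; rc=1; }
    key_is_private "$3"         || { echo "FAIL: private key is accessible to other users" >&2; rc=1; }
    return $rc
}
```

Source the file, export KEY_PIN with the PIN chosen in step 5, then call `verify_enrollment /etc/ssl/api_foxpass_com_ca.crt <public key file> <private key file>`; a zero exit status means all three checks passed.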