Assume the following scenario:
sscep: Subject of our request does not match that of the returned Certificate!Continue reading „SSCEP: Subject of our request does not match that of the returned Certificate!“
If you want to equip a large quantity of systems with certificates, a Manual request and renewal of certificates is not an option. The only viable path is automation.
For systems that are not members of the Active Directory forest, an automatic certificate request via RPC/DCOM not an option.
For certain use cases, the Simple Certificate Enrollment Protocol (SCEP) is an interesting alternative. There are not only clients for Windows for this protocol, but also for Linux with SSCEP. SSCEP is used, among other things, by thin clients with the eLux operating system used.
The following describes how to set up the SSCEP client on a Debian Buster Linux system - either to use it to manage servers or to be able to test the client-side behavior.
Continue reading „SSCEP für Linux (Debian Buster) installieren und Zertifikate über den Registrierungsdienst für Netzwerkgeräte (NDES) beantragen“
English 
Deutsch