My Following Setup:
Windows Server 2008 AD with CA
Redhat Workstation Joined to AD
I have used Openssl to generate a certificate request to be sent to the CA
openssl req -nodes -newkey rsa:2048 -keyout domain.key -out domain.csr
but how can I submit the request using command line for Red hat?, I'm aware of the window's version command which is
certreq -submit domain.csr
Is there a Linux Version of this? I'm trying out Auto-enrollment
I'm aware that I can use the Web Enrolment Page to submit my request, but I'm in a command line environment I don't have access to a browser. and Manually transferring the request with thumb drive is not an option either.
Please enlighten me on this matter. Thanks!!
yum install elinks
is a good alternative, but is there another command line way? it should be useful for scripting to automate the task
winexe
Great tool! Using this I understand the concept idea so by generating a certificate in a shared secure location between the Red Hat Machine and Windows Machine, and issuing the certreq
commands remotely from the Red hat machine to the windows machine to generate the certificate. I'll test it out in my test environment again later.
but is there a standard industry practice out of the box solution? that anyone is aware of?
Best Answer
For non-domain devices, Network Device Enrollment Service is often the prefered solution, since it allows auto renewal once set up.
Please have a look at this Technet Wiki article: Network Device Enrollment Service (NDES) in Active Directory Certificate Services (AD CS) describing how to set up and use NDES