Checking the Current Status of the Client Certificate Enrollment

Reviewing Log Messages

IGEL Linux v5:

IGEL Linux 10:

  1. Open the IGEL Setup and go to System > Registry > debug > tools.
  2. Enable log_partition_enabled.
  3. Enable syslog0.enabled.

    From now on, syslog messages will be written to /debuglog/messages

    For more information about advanced logging, see Extended Logging With Syslog, Tcpdump and Netlog (Extended Logging With Syslog, Tcpdump and Netlog, http://edocs.igel.com/index.htm#10482.htm).

  4. In the log file /var/log/messages, search for cert_agent

Reviewing the Certificates and Certificate Requests in the File System

Deleting a Certificate Request

Checking the CA

Generating an SCEP Request Manually

Enrolling a Certificate Manually

Testing Certificate Renewal

  1. Become root.
  2. Generate an SCEP request and append "new" to the key file name: scep_mkrequest 0 “new”

    An SCEP request is issued. In the directory /wfs/scep-certificates/cert0/, the key file clientnew.key is created.

  3. Renew the certificate: scep_renew 0
  4. Overwrite the old certificate with the new one: mv /wfs/scep-certificates/cert0/clientnew.cert /wfs/scep-certificates/cert0/client.cert
  5. Overwrite the old key with the new one: mv /wfs/scep-certificates/cert0/clientnew.key /wfs/scep-certificates/cert0/client.key