Skip to main content

Test enrollment using the DigiCert SCEP client

You can test SCEP-based certificate enrollments using the DigiCert SCEP client.

Before you begin

  • If you don't have the DigiCert SCEP client, contact your DigiCert account representative to request access.

  • Create a CSR in DER format for the certificate to enroll. For details, see Create the CSR.

Call SCEP services with the enroll operation

Substitute the <scep-url> with the URL that was generated when creating the SCEP certificate profile - you can view the URL again by simply clicking on the saved profile.

java -jar ./DigiCertSCEPClient.jar -url <scep-url> -operation enroll -csr device.der.csr -outpath . -debug true

Anmerkung

The -outpath value (dot) is a folder path for the current directory.

If the enrollment is successful, a certificate in DER format is saved using the same CSR filename. For example, device.der.cer.

Convert issued certificates to PEM format

If needed, you can convert the issued certificate to PEM format.

openssl x509 -inform der -in device.der.cer -outform pem -out device.pem.cer
In diesem Abschnitt: