Create OpenSSL configuration files
Create an OpenSSL configuration file (e.g. openssl.cfg) that contains:
All the required certificate fields set within the desired certificate profile.
The enrollment code for the seat ID you are enrolling for a cert via SCEP, defined as challengePassword.
This is an example showing all supported SCEP fields in Subject DN and SAN extension, and a test enrollment code (challengePassword):
SAN_FIELDS = IP:10.0.0.10, URI:http://www.digicert.com/, RID:1.2.3.4, DNS:first.digicert.com , DNS:second.digicert.com , email:noreply@digicert.com , email:noreply@mailinator.com [ req ] prompt = no distinguished_name = req_distinguished_name req_extensions = req_ext attributes = req_attributes [ req_distinguished_name ] CN = device-seat-01 1.OU = Test OU 1 2.OU = Test OU 2 O = Test Org L = Test Locality ST = Test State C = US postalCode = 02860 serialNumber = sn0001 unstructuredName = Test Unstructured Name unstructuredAddress = Test Unstructured Address description = Test Description [ req_ext ] subjectAltName = $SAN_FIELDS [ req_attributes ] challengePassword = RLW60QNN7WJ7 |