Generic
Generic SCEP
Test a connection from the client to the KMES Series 3 by using the configured certificates
1min
the process for configuring and testing certificates on the client side varies between the different types of applications connecting to the {{k3}} with scep however, you can use the following openssl commands to confirm that the scep client certificate enables a successful connection to the scep port on the {{k3}} if you used the {{k3}} as the ca that signed the scep client certificate, then you must extract the client certificate, private key, and root ca certificate from the pkcs #12 file before connecting if you used an external ca to sign the client certificate, run the following openssl command to test connection and authentication to the {{k3}} openssl s client connect 10 0 5 197 8082 cafile root pem cert signed client cert pem key sslclient privatekey pem adjust the ip address of the {{k3}} and the file names in the preceding command to your specific situation if you used the {{k3}} as a ca to sign the scep client certificate, run the following openssl command to first extract the contents of the pkcs #12 file openssl pkcs12 in export pkcs12 p12 out pkcs12 pem nodes open the pkcs12 pem file that was output from the previous command then, copy the signed client certificate, private key, and root ca certificate to individual files for use in the next command run the following openssl command to test the connection to the {{k3}} openssl s client connect 10 0 5 197 8082 cafile root pem cert signed client cert pem key sslclient privatekey pem if the ssl handshake is successful, then you configured the certificates correctly on the {{k3}} if you use the tls certificate to authenticate, the {{k3}} attempts to authenticate the scep client immediately after establishing the connection if the common name of the tls certificate matches the name of a {{k}} user with the signing ca of that tls certificate registered, the authentication is successful, and the scep client can perform any of the actions that are enabled for that user on the {{k}} the process for authenticating with username and password on the client side is specific to each scep client