Preliminary: Tools

System Log Viewer

 In the start menu, select System > System Log Viewer to open the system log viewer.

For more information on starting, using, and configuring the system log viewer, see the System Log Viewer chapter of the IGEL OS Manual.

Local Terminal

 In the start menu, select Local Terminal to open the local terminal.

If a local terminal session has not been set up on your device, proceed as follows:

  1. Open the Setup and go to Accessories > Terminals.
  2. Click  to create a local terminal session.
  3. Click Ok to save the setting and exit the Setup.

For more information on starting and using the local terminal, see the Terminals chapter of the IGEL OS Manual.

Checking the Current Status of the Client Certificate Enrollment

 In the local terminal, enter the command cert_show_status 

The status for each certificate relating to SCEP is shown:

  • CA certificate
  • RA encryption certificate
  • RA signature certificate
  • Client certificate

Reviewing Log Messages

IGEL Linux v5

  1. Open a local terminal and log in as user.
  2. Open /var/log/messages with either vi or more and search for cert_agent

In the log file /var/log/messages, search for cert_agent

IGEL OS

  1. Open the system log viewer and select /tmp/journal.log
  2. Press [Ctrl] + [F] and enter cert_agent to search for relevant messages.

Alternatively, you can open a local terminal and enter journalctl | grep cert_agent

Reviewing the Certificates and Certificate Requests in the File System

  1. Open a local terminal and log in as user.
  2. Enter ls /wfs/scep-certificates/cert0/

Deleting a Certificate Request

  1. Open a local terminal and log in as root.
  2. Enter rm -rf /wfs/scep-certificates/cert0/
    The directory that contains the certificate request, the received certificates (if any), and the device's own private client key is deleted. This can be useful for debugging purposes, and if SCEP is no longer used.

Checking the CA

  1. Open a local terminal and log in as root.
  2. Enter scep_getca 0

Generating an SCEP Request Manually

  1. Open a local terminal and log in as root.
  2. Enter scep_mkrequest 0

Enrolling a Certificate Manually

  1. Open a local terminal and log in as root.
  2. Enter scep_enroll 0

Testing Certificate Renewal

  1. Open a local terminal and log in as root.
  2. Generate an SCEP request and append "new" to the key file name: scep_mkrequest 0 "new"
    An SCEP request is issued. In the directory /wfs/scep-certificates/cert0/, the key file clientnew.key is created.
  3. Renew the certificate: scep_renew 0
  4. Overwrite the old certificate with the new one: mv /wfs/scep-certificates/cert0/clientnew.cert /wfs/scep-certificates/cert0/client.cert
  5. Overwrite the old key with the new one: mv /wfs/scep-certificates/cert0/clientnew.key /wfs/scep-certificates/cert0/client.key
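
A checked version of steps 4 and 5, added here as an example and not part of the IGEL documentation or tooling: it refuses to overwrite the active pair unless clientnew.cert carries the public key of clientnew.key, and keeps the old pair as a backup. The function name scep_swap_renewed, the .bak backups, PEM-encoded files, an unencrypted private key, and an openssl binary on the device are assumptions.

```sh
#!/bin/sh
# Added example: checked replacement for steps 4 and 5 above.
# Assumptions: PEM-encoded files, unencrypted private key, openssl on the device.
# Usage (as root): scep_swap_renewed /wfs/scep-certificates/cert0

scep_swap_renewed() {
    dir=${1:-/wfs/scep-certificates/cert0}
    new_cert=$dir/clientnew.cert
    new_key=$dir/clientnew.key

    # Both renewal outputs must exist and be non-empty.
    for f in "$new_cert" "$new_key"; do
        if [ ! -s "$f" ]; then
            echo "missing or empty: $f" >&2
            return 1
        fi
    done

    # Fail closed when the pairing cannot be verified.
    if ! command -v openssl >/dev/null 2>&1; then
        echo "openssl not found, refusing to swap" >&2
        return 3
    fi

    # The renewed certificate must carry the public half of the new key.
    cert_pub=$(openssl x509 -in "$new_cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$new_key" -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "clientnew.cert does not match clientnew.key" >&2
        return 2
    fi

    # Keep the previous pair (permissions preserved) so the swap can be undone.
    for f in client.cert client.key; do
        if [ -e "$dir/$f" ]; then
            cp -p "$dir/$f" "$dir/$f.bak" || return 4
        fi
    done

    mv "$new_cert" "$dir/client.cert" && mv "$new_key" "$dir/client.key"
}
```

client.key.bak is a copy of the old private key; remove it once the renewed certificate is confirmed working.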