Preliminary: Tools

System Log Viewer

In the start menu, select the system icon and then System Log Viewer to open the system log viewer.

For more information on starting, using, and configuring the system log viewer, see the System Log Viewer chapter of the IGEL OS Manual.

Local Terminal

In the start menu, select the Local Terminal.

If a local terminal session has not been set up on your device, proceed as follows:

  1. Open the Setup and go to Accessories > Terminals.
  2. Click   to create a local terminal session.
  3. Click Ok to save the setting and exit the Setup.

For more information on starting and using the local terminal, see the Terminals chapter of the IGEL OS Manual.

Checking the Current Status of the Client Certificate Enrollment

In the local terminal, enter the command cert_show_status

The status for each certificate relating to SCEP is shown:

  • CA certificate
  • RA encryption certificate
  • RA signature certificate
  • Client certificate

Reviewing Log Messages

  1. Open the system log viewer and select /tmp/journal.log
  2. Press [Ctrl] + [F] and enter cert_agent to search for relevant messages.

Alternatively, you can open a local terminal and enter journalctl | grep cert_agent

Reviewing the Certificates and Certificate Requests in the File System

  1. Open a local terminal and log in as user.
  2. Enter ls /wfs/scep-certificates/cert0/

Deleting a Certificate Request

  1. Open a local terminal and log in as root.
  2. Enter rm -rf /wfs/scep-certificates/cert0/
    The directory that contains the certificate request, the received certificates (if any), and the device's own private client key is deleted. This can be useful for debugging purposes, and if SCEP is no longer used.

Checking the CA

  1. Open a local terminal and log in as root.
  2. Enter scep_getca 0

Generating an SCEP Request Manually

  1. Open a local terminal and log in as root.
  2. Enter scep_mkrequest 0

Enrolling a Certificate Manually

  1. Open a local terminal and log in as root.
  2. Enter scep_enroll 0

Testing Certificate Renewal

  1. Open a local terminal and log in as root.
  2. Generate an SCEP request and append "new" to the key file name: scep_mkrequest 0 "new"
    An SCEP request is issued. In the directory /wfs/scep-certificates/cert0/, the key file clientnew.key is created.
  3. Renew the certificate: scep_renew 0
  4. Overwrite the old certificate with the new one: mv /wfs/scep-certificates/cert0/clientnew.cert /wfs/scep-certificates/cert0/client.cert
  5. Overwrite the old key with the new one: mv /wfs/scep-certificates/cert0/clientnew.key /wfs/scep-certificates/cert0/client.key
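
A guard for steps 4 and 5 above, as an added example that is not part of the IGEL documentation: it overwrites client.cert and client.key only if the renewed certificate and the new key actually belong together and the certificate has not expired. It assumes the openssl command-line tool is available on the device and that the files are PEM-encoded; the function names pair_matches and promote_renewed are hypothetical.

```sh
#!/bin/sh
# Added example, not an IGEL tool. Assumes the openssl CLI is available
# and that the certificate and key files are PEM-encoded.

# pair_matches CERT KEY
# Returns 0 if KEY is the private key for CERT, 1 if it is not,
# 2 if either file is unreadable or cannot be parsed.
pair_matches() {
    cert=$1
    key=$2
    [ -r "$cert" ] && [ -r "$key" ] || return 2
    # Extract the public key from each side and compare the PEM text.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# promote_renewed [DIR]
# Performs steps 4 and 5 only if the renewed pair is usable.
# DIR defaults to the directory named on this page.
promote_renewed() {
    dir=${1:-/wfs/scep-certificates/cert0}
    if ! pair_matches "$dir/clientnew.cert" "$dir/clientnew.key"; then
        echo "clientnew.cert/clientnew.key missing, unreadable or mismatched; nothing moved" >&2
        return 1
    fi
    # -checkend 0 fails if the certificate has already expired.
    if ! openssl x509 -in "$dir/clientnew.cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "clientnew.cert is expired; nothing moved" >&2
        return 1
    fi
    mv "$dir/clientnew.cert" "$dir/client.cert" &&
        mv "$dir/clientnew.key" "$dir/client.key"
}
```

After scep_renew 0 has completed, calling promote_renewed as root takes the place of the two mv commands; on failure the existing client.cert and client.key are left untouched.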