Last active
July 25, 2025 19:34
-
-
Save fuhry/454c117f9cbb7c97cdb5138d6e9cc693 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Sample script for Linux hosts to obtain a certificate from a SCEP integration | |
| # with PR #31296 applied against fleetd. In this example, the CA name is | |
| # "SCEP_CERTIFICATE" and the certificate and private key are written to | |
| # /tmp/client.pem and /tmp/client.key respectively. | |
| set -euo pipefail | |
| basedir="$(cd "$(dirname "$0")"; pwd)" | |
| curl -SLlO https://github.com/micromdm/scep/releases/download/v2.3.0/scepclient-linux-amd64-v2.3.0.zip | |
| unzip scepclient-linux-amd64-v2.3.0.zip | |
| chmod +x scepclient-linux-amd64 | |
| for f in /tmp/csr.pem /tmp/client.pem /tmp/self.pem; do | |
| test -f $f && rm -f $f | |
| done | |
| cd /tmp | |
| openssl genrsa -traditional 2048 > client.key | |
| $basedir/scepclient-linux-amd64 -cn=$FLEET_VAR_HOST_HARDWARE_SERIAL \ | |
| -server-url=$FLEET_VAR_CUSTOM_SCEP_PROXY_URL_SCEP_CERTIFICATE \ | |
| -challenge=$FLEET_VAR_CUSTOM_SCEP_CHALLENGE_SCEP_CERTIFICATE \ | |
| -private-key=client.key | |
| rm -f csr.pem self.pem || true |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment