certnanny / sscep

SSCEP is a command line client for the SCEP protocol

how to get the certificates chain in the sscep enroll request #176

Closed nagendransundaram closed 10 months ago

nagendransundaram commented 10 months ago

The SCEP enroll request responded with a certificate chain, but the -l output cert has only one certificate. The chain is missing. Is there any way to get the entire cert chain?

./sscep enroll -u http://example.com/scep -c ca.crt -k local.key -r local.csr -l local.crt

mbartosch commented 10 months ago

According to the SCEP standard, the SUCCESS PKIMessage contains the end entity certificate and optionally may include additional certificates. sscep only exports the end entity certificate, via the -l option. The certificate chain for the EE certificate can be constructed from the delivered end entity certificate and building the certificate chain using the certificates delivered by the SCEP GetCACert operation.
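
One way to carry out the chain construction described in the reply above, as an added example that is not part of the original thread or of sscep. The helper names `dn` and `build_chain` are hypothetical, and the file names (`local.crt` from `-l`, `ca.crt` and `ca.crt-*` from `sscep getca`) are assumptions.

```shell
#!/bin/sh
# Added example, not part of sscep. Assumed file names:
#   local.crt        end-entity cert written by `sscep enroll ... -l local.crt`
#   ca.crt, ca.crt-* cert(s) written by `sscep getca -u URL -c ca.crt`
# Usage: build_chain EE_CERT OUT_PEM CA_CERT...

# Print the subject or issuer DN of a certificate in one canonical form.
dn() { openssl x509 -in "$1" -noout "-$2" -nameopt RFC2253 | sed 's/^[a-z]*= *//'; }

# Write EE_CERT, then each issuer found among CA_CERT..., leaf first.
# Returns 0 when a self-signed root is reached, 2 when an issuer is missing.
build_chain() {
    cur=$1; out=$2; shift 2
    openssl x509 -in "$cur" > "$out" || return 1
    depth=0
    while [ "$depth" -lt 10 ]; do              # bound the walk
        issuer=$(dn "$cur" issuer)
        [ "$(dn "$cur" subject)" = "$issuer" ] && return 0   # reached the root
        next=
        for cand in "$@"; do
            [ "$(dn "$cand" subject)" = "$issuer" ] || continue
            # A name match is not proof: have openssl validate cur with
            # cand as the anchor, which checks the signature on cur.
            if openssl verify -partial_chain -CAfile "$cand" "$cur" >/dev/null 2>&1; then
                next=$cand; break
            fi
        done
        [ -n "$next" ] || return 2             # issuer not in GetCACert output
        openssl x509 -in "$next" >> "$out"
        cur=$next; depth=$((depth + 1))
    done
    return 3                                   # chain longer than expected
}

if [ "$#" -ge 3 ]; then build_chain "$@"; fi
```

Trust in the assembled chain still rests on the GetCACert output, so check the CA certificate fingerprint out of band before relying on it.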