The implemented solution leverages TPM as a security facility and streamlines the process from SCEP
enrollment and renewal to get certificate and private key till the private key being used by a WPA
Supplicant to get authenticated and authorized to access a secure network via 802.1x protocol. During the
whole process, the administrator, who manages certificates and configures network settings, just needs to
configure SCEP Client and 802.1x network as normal, except two extra steps to set TPM passwords and
enable TPM. Besides configuring all settings in local GUI, there is a set of command line tool. The actual
administrative efforts can be further reduced by executing command lines remotely in a mass deployment
scenario. The administrator can run command line remotely via a secure channel to get everything setup.
Creative Commons License
This work is licensed under a Creative Commons Attribution-Share Alike 4.0 License.
INC, HP, "METHOD OF PROTECTING MACHINE CERTIFICATES ISSUED TO LINUX CLIENTS OBTAINED BY USING SCEP PROTOCOL BY ENCRYPTING WITH A TPM DEVICE", Technical Disclosure Commons, (December 19, 2019)