Enrollment UI

This is a certificate enrollment interface for OpenXPKI. It runs on a bastion host and accepts CSRs from external users. The CSRs are forwarded to an internal OpenXPKI daemon via SCEP, using the sscep client.


Apache HTTP Server
    |
    |  (CGI call of ‘enroller’ script)
    v
Enroller Web UI
    |
    |  (enroller calls wrapper script)
    v
sscep Wrapper Script
    |
    |  (wrapper script calls sscep client)
    v
sscep client
    |
    |  (SCEP request sent to server)
    v
SCEP Server
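
Because the CSRs come from external users, the bastion can vet each upload before the wrapper script is called. The following is an added example, not part of the OpenXPKI code: the function names, the SSCEP_WRAPPER path, the wrapper's single-argument calling convention and the size limit are all assumptions.

```shell
#!/bin/sh
# Added example, not OpenXPKI code. Names, paths and limits are assumptions.
SSCEP_WRAPPER="${SSCEP_WRAPPER:-/usr/local/bin/sscep-wrapper}"  # hypothetical path
MAX_CSR_BYTES=8192                                              # assumed upper bound

BEGIN_LINE='-----BEGIN CERTIFICATE REQUEST-----'
END_LINE='-----END CERTIFICATE REQUEST-----'

# csr_is_plausible FILE
# Structural checks on an untrusted upload: regular file, bounded size,
# a single PEM block, base64-only body. Returns 0 only if all hold.
csr_is_plausible() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    size=$(($(wc -c < "$f")))
    [ "$size" -gt 0 ] && [ "$size" -le "$MAX_CSR_BYTES" ] || return 1
    # The markers must be the first and last lines, so text before or
    # after the PEM block is refused.
    [ "$(head -n 1 "$f")" = "$BEGIN_LINE" ] || return 1
    [ "$(tail -n 1 "$f")" = "$END_LINE" ] || return 1
    # The body must contain at least some base64 data.
    sed '1d;$d' "$f" | LC_ALL=C grep -q '[A-Za-z0-9+/]' || return 1
    # Any character outside the base64 alphabet ('-', spaces, CR, shell
    # metacharacters) rejects the file, so a second PEM block or stray
    # text cannot sit between the markers.
    if sed '1d;$d' "$f" | LC_ALL=C grep -q '[^A-Za-z0-9+/=]'; then
        return 1
    fi
    return 0
}

# forward_csr FILE
# Hands a vetted CSR to the wrapper as one quoted argument; nothing taken
# from the request is evaluated by the shell.
forward_csr() {
    if ! csr_is_plausible "$1"; then
        echo "enroller: CSR rejected before SCEP submission" >&2
        return 2
    fi
    "$SSCEP_WRAPPER" "$1"
}
```

This is a framing check only: it does not parse the ASN.1 or verify the request's signature.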


The Mojolicious framework is designed to run well under a web server's PSGI or CGI environment. To start a test daemon that is reachable from your web browser, run the following:

script/enroller daemon

To run the test cases, use the following:

script/enroller test

Apache HTTP Server

One method of serving the Enrollment UI is via Apache/CGI using the ScriptAlias directive:

<Directory /srv/www/enroller>
    Options -FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
ScriptAlias / /srv/www/enroller/script/enroller/

SCEP Client (e.g. sscep)