Trying to implement Certificate Autoenrollment on Linux using the vascert utility. The vascert server add command works fine and the vascert server list command correctly shows our certificate authority. But it doesn't pick up our policy, and the vascert pulse command produces this error:

    vascert: One Identity Certificate Autoenrollment version 18.104.22.1680
    Copyright 2017 Quest Software Inc. ALL RIGHTS RESERVED.
    Processing enrollment policy: ClientCertEnrollment
    Process exited with an error (Exit value: 1), command was: [/var/opt/quest/vascert/script/certstore.sh, export-machine-certs, /tmp/vascert86*.

In order for vascert to work on Linux you need to modify some scripts and input information from your environment.
vascert calls into this script: /var/opt/quest/vascert/script/certstore.sh. Specifically, it calls the export-machine-certs function in certstore.sh, and certstore.sh in turn calls the exportMachineCerts function in certstore-DEV.sh. This error shows up because the exportMachineCerts function returns 1 by default, which causes vascert to error out. That function, by default, looks like:
Please do the following:
1 - cp -p certstore-DEV.sh certstore-DEV.original
-v Display version (banner text)
info Dumps the contents of a policy template
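
A pre-flight check for the certstore.sh hook chain described above, as an added example that is not part of the original article or of the vendor's scripts. It assumes the hook takes the `export-machine-certs <output-file>` arguments seen in the error message; the function name `certstore_preflight` and its return codes are hypothetical.

```shell
# Added example: verify the certstore.sh hook before running "vascert pulse".
# Assumption: argument form "export-machine-certs <output-file>", taken from
# the error message on this page. Return codes are this example's own.
certstore_preflight() {
    dir=${1:-/var/opt/quest/vascert/script}
    hook=$dir/certstore.sh
    dev=$dir/certstore-DEV.sh
    backup=$dir/certstore-DEV.original

    [ -x "$hook" ] || { echo "missing or not executable: $hook" >&2; return 2; }
    [ -f "$dev" ]  || { echo "missing: $dev" >&2; return 2; }

    # Step 1 on the page: keep a pristine copy before editing anything.
    if [ ! -f "$backup" ]; then
        echo "no backup yet; run: cp -p $dev $backup" >&2
        return 3
    fi
    # Byte-identical to the backup means the script has not been edited yet.
    if cmp -s "$dev" "$backup"; then
        echo "unmodified: $dev still matches $backup" >&2
        return 4
    fi

    # mktemp creates the file with mode 0600; it is removed after the run.
    out=$(mktemp "${TMPDIR:-/tmp}/certstore-preflight.XXXXXX") || return 2
    rc=0
    "$hook" export-machine-certs "$out" || rc=$?
    rm -f "$out"

    # vascert treats any non-zero exit from the hook as a failed policy run.
    if [ "$rc" -ne 0 ]; then
        echo "export-machine-certs exited $rc; vascert pulse will fail" >&2
        return 1
    fi
    echo "export-machine-certs exited 0"
}
```

Called with no argument, the function checks the script directory named on this page; pass another directory to test a copy of the scripts first.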