RHEL-4828

[RFE] Requirement is to end up with a computer certificate that was issued via the Active Directory auto-enrollment policy automatically via the computer's own Kerberos credentials, with no manual authentication/approval steps for issuance to any machine

    • rhel-sst-idm-ipa
    • ssg_idm

      1. Why does the customer need this? (List the business requirements here)

      • We need automatically-issued server certificates for use in 802.1x network authentication for wired and wireless network connections.
      • These certs must not require manual action, and must be issued based on the proof-of-identity by Kerberos Keytab so that only domain-joined computers can receive these auto-generated certificates.
      • The certs must automatically renew before expiration to prevent machines from getting kicked off the network.

      2. How would the customer like to achieve this? (List the functional requirements here)

      • Best case is using the Microsoft RPC protocol to request the certificate, the same way Centrify and macOS do it.
      • Second best would be to leverage the CEP/CES protocols to acquire this.
      • getcert already does this with other providers, so that seems the logical place to add the support.

      3. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.

      A sequence of `getcert request` then `getcert list` to verify the cert was issued.

      The end-to-end test would be to confirm that a certificate issued in such a manner would be accepted by the 802.1x authenticator.

      Additional info:

              rhn-engineering-rcrit Rob Crittenden
              rhn-support-abroy Abhijit Roy
              Rob Crittenden
              IPA QE Bot
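
One way to script the `getcert request` then `getcert list` check from item 3 together with the auto-renewal requirement from item 1, as an added example that is not part of the ticket or of certmonger. It parses `getcert list` text and passes a request only when it is issued, tracked and set to auto-renew; the sample output, request IDs and CA nickname `example-ca` are constructed.

```shell
# Constructed sample of `getcert list` output (not captured from a real host);
# the request IDs and the CA nickname "example-ca" are placeholders.
sample_getcert_list() {
cat <<'EOF'
Number of certificates and requests being tracked: 2.
Request ID '20240101000001':
    status: MONITORING
    stuck: no
    CA: example-ca
    track: yes
    auto-renew: yes
Request ID '20240101000002':
    status: CA_UNREACHABLE
    stuck: no
    track: yes
    auto-renew: yes
EOF
}

# Reads `getcert list` text on stdin and prints one verdict per request.
# A request passes only if status is MONITORING (issued and tracked), it is
# not stuck, and track/auto-renew are yes. Exit 1 on any failure or no requests.
check_getcert_list() {
    awk '
    function report() {
        if (id == "") return
        n++
        ok = (status == "MONITORING" && stuck == "no" && track == "yes" && renew == "yes")
        printf "%s %s status=%s\n", (ok ? "OK" : "FAIL"), id, status
        if (!ok) bad++
    }
    /^Request ID / {
        report()
        id = $3; gsub(/[^0-9A-Za-z_.-]/, "", id)
        status = stuck = track = renew = ""
        next
    }
    $1 == "status:"     { status = $2 }
    $1 == "stuck:"      { stuck = $2 }
    $1 == "track:"      { track = $2 }
    $1 == "auto-renew:" { renew = $2 }
    END {
        report()
        if (n == 0) { print "FAIL no-requests-tracked"; bad++ }
        exit (bad > 0)
    }'
}

# On a host, run: getcert list | check_getcert_list
sample_getcert_list | check_getcert_list || echo "not all requests are issued and renewing"
```

A request that stays in any state other than `MONITORING` after `getcert request` has not produced a usable certificate, so the 802.1x end-to-end test should only be attempted once this check passes.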