Man page - getcert-add-scep-ca(1)

Packages contains this manual

Package:  certmonger
apt-get install certmonger

Manuals in package:
• getcert-rekey(1)
• getcert-list-cas(1)
• getcert-refresh(1)
• certmonger-scep-submit(8)
• getcert-resubmit(1)
• getcert-list(1)
• certmonger-dogtag-ipa-renew-agent-submit(8)
• getcert-request(1)
• certmonger.conf(5)
• getcert(1)
• certmonger-dogtag-submit(8)
• selfsign-getcert(1)
• getcert-modify-ca(1)
• getcert-add-ca(1)
• certmonger-local-submit(8)
• getcert-stop-tracking(1)
• getcert-start-tracking(1)
• certmonger(8)
• ipa-getcert(1)
• certmonger-ipa-submit(8)
• getcert-remove-ca(1)
• getcert-refresh-ca(1)
• getcert-add-scep-ca(1)
• getcert-status(1)
• local-getcert(1)
Documentations in package:
• certmonger

Manual

CERTMONGER

NAME
SYNOPSIS
DESCRIPTION
OPTIONS
BUGS
SEE ALSO

---

NAME

getcert

SYNOPSIS

getcert add-scep-ca [options]

DESCRIPTION

Adds a CA configuration to certmonger , which can subsequently be used to enroll certificates. The configuration will use the bundled scep-submit helper. The add-scep-ca command is more or less a wrapper for the add-ca command.

OPTIONS

All user-provided certificate files must be in PEM format.
-c NAME , --ca = NAME

The nickname to give to this CA configuration. This same value can later be passed in to getcert ’s request , resubmit , and start-tracking commands using the -c flag.

-u URL , --url = URL

The location of the SCEP server’s enrollment interface. This option must be specified.

-R FILE , --ca-cert = FILE

The location of a PEM-formatted copy of the CA’s certificate used to verify the TLS connection the SCEP server.

This option must be specified if the URL is an https location.

-N FILE , --signingca = FILE

The location of a PEM-formatted copy of the SCEP server’s CA certificate. A discovered value is normally supplied by the certmonger daemon, but one can be specified for troubleshooting purposes.

-r FILE , --ra-cert = FILE

The location of a PEM-formatted copy of the SCEP server’s RA’s certificate. A discovered value is normally supplied by the certmonger daemon, but one can be specified for troubleshooting purposes.

-I FILE , --other-certs = FILE

The location of a file containing other PEM-formatted certificates which may be needed in order to properly verify signed responses sent by the SCEP server back to the client. A discovered set is normally supplied by the certmonger daemon, but can be specified for troubleshooting purposes.

-i ID , --id = ID

A CA identifier value which will passed to the server when the scep-submit helper is used to retrieve copies of the server’s certificates.

-n , --non-renewal

The SCEP Renewal feature allows a client with a previously-issued certificate to use that certificate and the associated private key to request a new certificate for a different key pair, and can be used to support certmonger ’s rekeying feature if the SCEP server advertises support for it. This option forces the scep-submit helper to issue requests without making use of this feature.

-v , --verbose

Be verbose about errors. Normally, the details of an error received from the daemon will be suppressed if the client can make a diagnostic suggestion.

BUGS

Please file tickets for any that you find at https://fedorahosted.org/certmonger/

SEE ALSO

certmonger (8) getcert (1) getcert-add-ca (1) getcert-list-cas (1) getcert-list (1) getcert-modify-ca (1) getcert-refresh-ca (1) getcert-refresh (1) getcert-rekey (1) getcert-remove-ca (1) getcert-request (1) getcert-resubmit (1) getcert-status (1) getcert-stop-tracking (1) certmonger-certmaster-submit (8) certmonger-dogtag-ipa-renew-agent-submit (8) certmonger-dogtag-submit (8) certmonger-ipa-submit (8) certmonger-local-submit (8) certmonger-scep-submit (8) certmonger_selinux (8)

---