getcert-add-scep-ca - (unknown subject)
NAME SYNOPSIS DESCRIPTION OPTIONS BUGS SEE ALSONAME
getcert
SYNOPSIS
getcert add−scep−ca [options]
DESCRIPTION
Adds a CA configuration to certmonger, which can subsequently be used to enroll certificates. The configuration will use the bundled scep−submit helper. The add−scep−ca command is more or less a wrapper for the add−ca command.
OPTIONS
All
user−provided certificate files must be in PEM format.
−c NAME,
−−ca=NAME
The nickname to give to this CA configuration. This same value can later be passed in to getcert’s request, resubmit, and start−tracking commands using the −c flag.
−u URL, −−url=URL
The location of the SCEP server’s enrollment interface. This option must be specified.
−R FILE, −−ca−cert=FILE
The location of a PEM−formatted copy of the CA’s certificate used to verify the TLS connection the SCEP server.
This option must be specified if the URL is an https location.
−N FILE, −−signingca=FILE
The location of a PEM−formatted copy of the SCEP server’s CA certificate. A discovered value is normally supplied by the certmonger daemon, but one can be specified for troubleshooting purposes.
−r FILE, −−ra−cert=FILE
The location of a PEM−formatted copy of the SCEP server’s RA’s certificate. A discovered value is normally supplied by the certmonger daemon, but one can be specified for troubleshooting purposes.
−I FILE, −−other−certs=FILE
The location of a file containing other PEM−formatted certificates which may be needed in order to properly verify signed responses sent by the SCEP server back to the client. A discovered set is normally supplied by the certmonger daemon, but can be specified for troubleshooting purposes.
−i ID, −−id=ID
A CA identifier value which will passed to the server when the scep−submit helper is used to retrieve copies of the server’s certificates.
−n, −−non−renewal
The SCEP Renewal feature allows a client with a previously−issued certificate to use that certificate and the associated private key to request a new certificate for a different key pair, and can be used to support certmonger’s rekeying feature if the SCEP server advertises support for it. This option forces the scep−submit helper to issue requests without making use of this feature.
−v, −−verbose
Be verbose about errors. Normally, the details of an error received from the daemon will be suppressed if the client can make a diagnostic suggestion.
BUGS
Please file tickets for any that you find at https://fedorahosted.org/certmonger/
SEE ALSO
certmonger(8) getcert(1) getcert−add−ca(1) getcert−list−cas(1) getcert−list(1) getcert−modify−ca(1) getcert−refresh−ca(1) getcert−refresh(1) getcert−rekey(1) getcert−remove−ca(1) getcert−request(1) getcert−resubmit(1) getcert−status(1) getcert−stop−tracking(1) certmonger−certmaster−submit(8) certmonger−dogtag−ipa−renew−agent−submit(8) certmonger−dogtag−submit(8) certmonger−ipa−submit(8) certmonger−local−submit(8) certmonger−scep−submit(8) certmonger_selinux(8)