CERTMONGER(1) | General Commands Manual | CERTMONGER(1) |
NAME¶
getcert
SYNOPSIS¶
getcert add-scep-ca [options]
DESCRIPTION¶
Adds a CA configuration to certmonger, which can subsequently be used to enroll certificates. The configuration will use the bundled scep-submit helper. The add-scep-ca command is more or less a wrapper for the add-ca command.
OPTIONS¶
- All user-provided certificate files must be in PEM format.
- -c NAME, --ca=NAME
- The nickname to give to this CA configuration. This same value can later be passed in to getcert's request, resubmit, and start-tracking commands using the -c flag.
- -u URL, --url=URL
- The location of the SCEP server's enrollment interface. This option must be specified.
- -R FILE, --ca-cacert=FILE
- The location of a PEM-formatted copy of the CA's certificate used to
verify the TLS connection the SCEP server.
This option must be specified if the URL is an https location.
- -N FILE, --signingca=FILE
- The location of a PEM-formatted copy of the SCEP server's CA certificate. A discovered value is normally supplied by the certmonger daemon, but one can be specified for troubleshooting purposes.
- -r FILE, --ra-cert=FILE
- The location of a PEM-formatted copy of the SCEP server's RA's certificate. A discovered value is normally supplied by the certmonger daemon, but one can be specified for troubleshooting purposes.
- -I FILE, --other-certs=FILE
- The location of a file containing other PEM-formatted certificates which may be needed in order to properly verify signed responses sent by the SCEP server back to the client. A discovered set is normally supplied by the certmonger daemon, but can be specified for troubleshooting purposes.
- -i ID, --id=ID
- A CA identifier value which will passed to the server when the scep-submit helper is used to retrieve copies of the server's certificates.
- -n, --non-renewal
- The SCEP Renewal feature allows a client with a previously-issued certificate to use that certificate and the associated private key to request a new certificate for a different key pair, and can be used to support certmonger's rekeying feature if the SCEP server advertises support for it. This option forces the scep-submit helper to issue requests without making use of this feature.
- -v, --verbose
- Be verbose about errors. Normally, the details of an error received from the daemon will be suppressed if the client can make a diagnostic suggestion.
BUGS¶
Please file tickets for any that you find at https://fedorahosted.org/certmonger/
SEE ALSO¶
certmonger(8) getcert(1) getcert-add-ca(1) getcert-list-cas(1) getcert-list(1) getcert-modify-ca(1) getcert-refresh-ca(1) getcert-refresh(1) getcert-rekey(1) getcert-remove-ca(1) getcert-request(1) getcert-resubmit(1) getcert-status(1) getcert-stop-tracking(1) certmonger-certmaster-submit(8) certmonger-dogtag-ipa-renew-agent-submit(8) certmonger-dogtag-submit(8) certmonger-ipa-submit(8) certmonger-local-submit(8) certmonger-scep-submit(8) certmonger_selinux(8)
February 24, 2015 | certmonger Manual |