1certmonger(1)               General Commands Manual              certmonger(1)
2
3
4

NAME

6       getcert
7
8

SYNOPSIS

10       getcert add-scep-ca [options]
11
12

DESCRIPTION

14       Adds  a  CA configuration to certmonger, which can subsequently be used
15       to enroll certificates.  The configuration will use the  bundled  scep-
16       submit  helper.   The add-scep-ca command is more or less a wrapper for
17       the add-ca command.
18
19

OPTIONS

21       -c NAME
22              The nickname to give to this CA configuration.  This same  value
23              can  later  be  passed  in  to  getcert's request, resubmit, and
24              start-tracking commands using the -c flag.
25
26       -u URL The location of the SCEP server's  enrollment  interface.   This
27              option must be specified.
28
29       -R ca-certificate-file
30              The  location  of a PEM-formatted copy of the SCEP server's CA's
31              certificate.  A discovered value is supplied by  the  certmonger
32              daemon  for  use  in verifying the signature on data returned by
33              the SCEP server, but it is not used for verifying  HTTPS  server
34              certificates.   This  option  must be specified if the URL is an
35              https location.
36
37       -r ra-certificate-file
38              The location of a PEM-formatted copy of the SCEP  server's  RA's
39              certificate.   A  discovered  value  is normally supplied by the
40              certmonger daemon, but one can be specified for  troubleshooting
41              purposes.
42
43       -I other-certificates-file
44              The  location  of a file containing other PEM-formatted certifi‐
45              cates which may be needed in order  to  properly  verify  signed
46              responses sent by the SCEP server back to the client.  A discov‐
47              ered set is normally supplied by the certmonger daemon, but  can
48              be specified for troubleshooting purposes.
49
50       -i identifier
51              A  CA  identifier value which will passed to the server when the
52              scep-submit helper is used to retrieve copies  of  the  server's
53              certificates.
54
55       -n     The  SCEP  Renewal  feature  allows  a client with a previously-
56              issued certificate to use that certificate  and  the  associated
57              private  key  to  request  a new certificate for a different key
58              pair, and can be used to support certmonger's  rekeying  feature
59              if  the  SCEP  server  advertises  support  for it.  This option
60              forces the scep-submit helper to issue requests  without  making
61              use of this feature.
62
63       -v     Be  verbose  about  errors.   Normally,  the details of an error
64              received from the daemon will be suppressed if  the  client  can
65              make a diagnostic suggestion.
66
67

BUGS

69       Please   file   tickets  for  any  that  you  find  at  https://fedora
70       hosted.org/certmonger/
71
72

SEE ALSO

74       certmonger(8) getcert(1) getcert-add-ca(1) getcert-list-cas(1) getcert-
75       list(1)  getcert-modify-ca(1)  getcert-refresh-ca(1) getcert-refresh(1)
76       getcert-rekey(1) getcert-remove-ca(1) getcert-request(1) getcert-resub‐
77       mit(1)  getcert-status(1)  getcert-stop-tracking(1) certmonger-certmas‐
78       ter-submit(8)  certmonger-dogtag-ipa-renew-agent-submit(8)  certmonger-
79       dogtag-submit(8)   certmonger-ipa-submit(8)  certmonger-local-submit(8)
80       certmonger-scep-submit(8) certmonger_selinux(8)
81
82
83
84certmonger Manual              24 February 2015                  certmonger(1)
Impressum