1CERTMONGER(1)               General Commands Manual              CERTMONGER(1)
2
3
4

NAME

6       getcert
7
8

SYNOPSIS

10       getcert add-scep-ca [options]
11
12

DESCRIPTION

14       Adds  a  CA configuration to certmonger, which can subsequently be used
15       to  enroll  certificates.   The  configuration  will  use  the  bundled
16       scep-submit  helper.  The add-scep-ca command is more or less a wrapper
17       for the add-ca command.
18
19

OPTIONS

21       -c NAME, --ca=NAME
22              The nickname to give to this CA configuration.  This same  value
23              can  later  be  passed  in  to  getcert's request, resubmit, and
24              start-tracking commands using the -c flag.
25
26       -u URL, --url=URL
27              The location of the SCEP server's  enrollment  interface.   This
28              option must be specified.
29
30       -R FILE, --ca-cacert=FILE
31              The  location  of  a  PEM-formatted copy of the CA's certificate
32              used to verify the TLS connection the SCEP server.
33
34              This option must be specified if the URL is an https location.
35
36       -N FILE, --signingca=FILE
37              The location of a PEM-formatted copy of  the  SCEP  server's  CA
38              certificate.   A  discovered  value  is normally supplied by the
39              certmonger daemon, but one can be specified for  troubleshooting
40              purposes.
41
42       -r FILE, --ra-cert=FILE
43              The  location  of a PEM-formatted copy of the SCEP server's RA's
44              certificate.  A discovered value is  normally  supplied  by  the
45              certmonger  daemon, but one can be specified for troubleshooting
46              purposes.
47
48       -I FILE, --other-certs=FILE
49              The location of a file containing other  PEM-formatted  certifi‐
50              cates  which  may  be  needed in order to properly verify signed
51              responses sent by the SCEP server back to the client.  A discov‐
52              ered  set is normally supplied by the certmonger daemon, but can
53              be specified for troubleshooting purposes.
54
55       -i ID, --id=ID
56              A CA identifier value which will passed to the server  when  the
57              scep-submit  helper  is  used to retrieve copies of the server's
58              certificates.
59
60       -n, --non-renewal
61              The  SCEP  Renewal  feature  allows  a  client  with  a   previ‐
62              ously-issued certificate to use that certificate and the associ‐
63              ated private key to request a new certificate  for  a  different
64              key  pair, and can be used to support certmonger's rekeying fea‐
65              ture if the SCEP server advertises support for it.  This  option
66              forces  the  scep-submit helper to issue requests without making
67              use of this feature.
68
69       -v, --verbose
70              Be verbose about errors.  Normally,  the  details  of  an  error
71              received  from  the  daemon will be suppressed if the client can
72              make a diagnostic suggestion.
73
74

BUGS

76       Please  file  tickets  for  any  that  you  find   at   https://fedora
77       hosted.org/certmonger/
78
79

SEE ALSO

81       certmonger(8)    getcert(1)    getcert-add-ca(1)    getcert-list-cas(1)
82       getcert-list(1)       getcert-modify-ca(1)        getcert-refresh-ca(1)
83       getcert-refresh(1)         getcert-rekey(1)        getcert-remove-ca(1)
84       getcert-request(1)        getcert-resubmit(1)         getcert-status(1)
85       getcert-stop-tracking(1)    certmonger-certmaster-submit(8)    certmon‐
86       ger-dogtag-ipa-renew-agent-submit(8) certmonger-dogtag-submit(8)  cert‐
87       monger-ipa-submit(8)   certmonger-local-submit(8)  certmonger-scep-sub‐
88       mit(8) certmonger_selinux(8)
89
90
91
92certmonger Manual              February 24, 2015                 CERTMONGER(1)
Impressum