1CERTMONGER(1)               General Commands Manual              CERTMONGER(1)
2
3
4

NAME

6       getcert
7
8

SYNOPSIS

10       getcert add-scep-ca [options]
11
12

DESCRIPTION

14       Adds  a  CA configuration to certmonger, which can subsequently be used
15       to  enroll  certificates.   The  configuration  will  use  the  bundled
16       scep-submit  helper.  The add-scep-ca command is more or less a wrapper
17       for the add-ca command.
18
19

OPTIONS

21       All user-provided certificate files must be in PEM format.
22
23       -c NAME, --ca=NAME
24              The nickname to give to this CA configuration.  This same  value
25              can  later  be  passed  in  to  getcert's request, resubmit, and
26              start-tracking commands using the -c flag.
27
28       -u URL, --url=URL
29              The location of the SCEP server's  enrollment  interface.   This
30              option must be specified.
31
32       -R FILE, --ca-cacert=FILE
33              The  location  of  a  PEM-formatted copy of the CA's certificate
34              used to verify the TLS connection the SCEP server.
35
36              This option must be specified if the URL is an https location.
37
38       -N FILE, --signingca=FILE
39              The location of a PEM-formatted copy of  the  SCEP  server's  CA
40              certificate.   A  discovered  value  is normally supplied by the
41              certmonger daemon, but one can be specified for  troubleshooting
42              purposes.
43
44       -r FILE, --ra-cert=FILE
45              The  location  of a PEM-formatted copy of the SCEP server's RA's
46              certificate.  A discovered value is  normally  supplied  by  the
47              certmonger  daemon, but one can be specified for troubleshooting
48              purposes.
49
50       -I FILE, --other-certs=FILE
51              The location of a file containing other  PEM-formatted  certifi‐
52              cates which may be needed in order to properly verify signed re‐
53              sponses sent by the SCEP server back to the client.   A  discov‐
54              ered  set is normally supplied by the certmonger daemon, but can
55              be specified for troubleshooting purposes.
56
57       -i ID, --id=ID
58              A CA identifier value which will passed to the server  when  the
59              scep-submit  helper  is  used to retrieve copies of the server's
60              certificates.
61
62       -n, --non-renewal
63              The SCEP Renewal feature allows a client with  a  previously-is‐
64              sued certificate to use that certificate and the associated pri‐
65              vate key to request a new certificate for a different key  pair,
66              and  can be used to support certmonger's rekeying feature if the
67              SCEP server advertises support for it.  This option  forces  the
68              scep-submit  helper to issue requests without making use of this
69              feature.
70
71       -v, --verbose
72              Be verbose about errors.  Normally, the details of an error  re‐
73              ceived from the daemon will be suppressed if the client can make
74              a diagnostic suggestion.
75
76

BUGS

78       Please  file  tickets  for  any  that  you  find   at   https://fedora
79       hosted.org/certmonger/
80
81

SEE ALSO

83       certmonger(8)    getcert(1)    getcert-add-ca(1)    getcert-list-cas(1)
84       getcert-list(1) getcert-modify-ca(1) getcert-refresh-ca(1)  getcert-re‐
85       fresh(1)   getcert-rekey(1)   getcert-remove-ca(1)   getcert-request(1)
86       getcert-resubmit(1) getcert-status(1) getcert-stop-tracking(1) certmon‐
87       ger-certmaster-submit(8)    certmonger-dogtag-ipa-renew-agent-submit(8)
88       certmonger-dogtag-submit(8)   certmonger-ipa-submit(8)   certmonger-lo‐
89       cal-submit(8) certmonger-scep-submit(8) certmonger_selinux(8)
90
91
92
93certmonger Manual              February 24, 2015                 CERTMONGER(1)
Impressum