1CERTMONGER(1) General Commands Manual CERTMONGER(1)
2
3
4
6 getcert
7
8
10 getcert add-scep-ca [options]
11
12
14 Adds a CA configuration to certmonger, which can subsequently be used
15 to enroll certificates. The configuration will use the bundled
16 scep-submit helper. The add-scep-ca command is more or less a wrapper
17 for the add-ca command.
18
19
21 All user-provided certificate files must be in PEM format.
22
23 -c NAME, --ca=NAME
24 The nickname to give to this CA configuration. This same value
25 can later be passed in to getcert's request, resubmit, and
26 start-tracking commands using the -c flag.
27
28 -u URL, --url=URL
29 The location of the SCEP server's enrollment interface. This
30 option must be specified.
31
32 -R FILE, --ca-cacert=FILE
33 The location of a PEM-formatted copy of the CA's certificate
34 used to verify the TLS connection the SCEP server.
35
36 This option must be specified if the URL is an https location.
37
38 -N FILE, --signingca=FILE
39 The location of a PEM-formatted copy of the SCEP server's CA
40 certificate. A discovered value is normally supplied by the
41 certmonger daemon, but one can be specified for troubleshooting
42 purposes.
43
44 -r FILE, --ra-cert=FILE
45 The location of a PEM-formatted copy of the SCEP server's RA's
46 certificate. A discovered value is normally supplied by the
47 certmonger daemon, but one can be specified for troubleshooting
48 purposes.
49
50 -I FILE, --other-certs=FILE
51 The location of a file containing other PEM-formatted certifi‐
52 cates which may be needed in order to properly verify signed re‐
53 sponses sent by the SCEP server back to the client. A discov‐
54 ered set is normally supplied by the certmonger daemon, but can
55 be specified for troubleshooting purposes.
56
57 -i ID, --id=ID
58 A CA identifier value which will passed to the server when the
59 scep-submit helper is used to retrieve copies of the server's
60 certificates.
61
62 -n, --non-renewal
63 The SCEP Renewal feature allows a client with a previously-is‐
64 sued certificate to use that certificate and the associated pri‐
65 vate key to request a new certificate for a different key pair,
66 and can be used to support certmonger's rekeying feature if the
67 SCEP server advertises support for it. This option forces the
68 scep-submit helper to issue requests without making use of this
69 feature.
70
71 -v, --verbose
72 Be verbose about errors. Normally, the details of an error re‐
73 ceived from the daemon will be suppressed if the client can make
74 a diagnostic suggestion.
75
76
78 Please file tickets for any that you find at https://fedora‐
79 hosted.org/certmonger/
80
81
83 certmonger(8) getcert(1) getcert-add-ca(1) getcert-list-cas(1)
84 getcert-list(1) getcert-modify-ca(1) getcert-refresh-ca(1) getcert-re‐
85 fresh(1) getcert-rekey(1) getcert-remove-ca(1) getcert-request(1)
86 getcert-resubmit(1) getcert-status(1) getcert-stop-tracking(1) certmon‐
87 ger-certmaster-submit(8) certmonger-dogtag-ipa-renew-agent-submit(8)
88 certmonger-dogtag-submit(8) certmonger-ipa-submit(8) certmonger-lo‐
89 cal-submit(8) certmonger-scep-submit(8) certmonger_selinux(8)
90
91
92
93certmonger Manual February 24, 2015 CERTMONGER(1)