getcert-add-scep-ca man page
getcert add-scep-ca [options]
Adds a CA configuration to certmonger, which can subsequently be used to enroll certificates. The configuration will use the bundled scep-submit helper. The add-scep-ca command is more or less a wrapper for the add-ca command.
- -c NAME
The nickname to give to this CA configuration. This same value can later be passed in to getcert's request, resubmit, and start-tracking commands using the -c flag.
- -u URL
The location of the SCEP server's enrollment interface. This option must be specified.
- -R ca-certificate-file
The location of a PEM-formatted copy of the SCEP server's CA's certificate. A discovered value is supplied by the certmonger daemon for use in verifying the signature on data returned by the SCEP server, but it is not used for verifying HTTPS server certificates. This option must be specified if the URL is an https location.
- -r ra-certificate-file
The location of a PEM-formatted copy of the SCEP server's RA's certificate. A discovered value is normally supplied by the certmonger daemon, but one can be specified for troubleshooting purposes.
- -I other-certificates-file
The location of a file containing other PEM-formatted certificates which may be needed in order to properly verify signed responses sent by the SCEP server back to the client. A discovered set is normally supplied by the certmonger daemon, but can be specified for troubleshooting purposes.
- -i identifier
A CA identifier value which will passed to the server when the scep-submit helper is used to retrieve copies of the server's certificates.
The SCEP Renewal feature allows a client with a previously-issued certificate to use that certificate and the associated private key to request a new certificate for a different key pair, and can be used to support certmonger's rekeying feature if the SCEP server advertises support for it. This option forces the scep-submit helper to issue requests without making use of this feature.
Be verbose about errors. Normally, the details of an error received from the daemon will be suppressed if the client can make a diagnostic suggestion.
Please file tickets for any that you find at https://fedorahosted.org/certmonger/
certmonger(8) getcert(1) getcert-add-ca(1) getcert-list-cas(1) getcert-list(1) getcert-modify-ca(1) getcert-refresh-ca(1) getcert-refresh(1) getcert-rekey(1) getcert-remove-ca(1) getcert-request(1) getcert-resubmit(1) getcert-status(1) getcert-stop-tracking(1) certmonger-certmaster-submit(8) certmonger-dogtag-ipa-renew-agent-submit(8) certmonger-dogtag-submit(8) certmonger-ipa-submit(8) certmonger-local-submit(8) certmonger-scep-submit(8) certmonger_selinux(8)
certmaster-getcert(1), certmonger(8), certmonger-certmaster-submit(8), certmonger-dogtag-ipa-renew-agent-submit(8), certmonger-dogtag-submit(8), certmonger-ipa-submit(8), certmonger-local-submit(8), certmonger-scep-submit(8), getcert(1), getcert-add-ca(1), getcert-list(1), getcert-list-cas(1), getcert-modify-ca(1), getcert-refresh(1), getcert-refresh-ca(1), getcert-rekey(1), getcert-remove-ca(1), getcert-request(1), getcert-resubmit(1), getcert-start-tracking(1), getcert-status(1), getcert-stop-tracking(1), ipa-getcert(1), local-getcert(1), selfsign-getcert(1).