CERTMONGER(1)		    General Commands Manual		 CERTMONGER(1)

NAME
       getcert

SYNOPSIS
       getcert add-scep-ca [options]

DESCRIPTION
       Adds a CA configuration to certmonger, which can subsequently be used
       to enroll certificates. The configuration will use the bundled
       scep-submit helper. The add-scep-ca command is more or less a wrapper
       for the add-ca command.

OPTIONS
       All user-provided certificate files must	be in PEM format.

       -c NAME,	--ca=NAME
	      The nickname to give to this CA configuration.  This same	 value
	      can  later  be  passed  in  to  getcert's	request, resubmit, and
	      start-tracking commands using the	-c flag.

       -u URL, --url=URL
	      The location of the SCEP server's	 enrollment  interface.	  This
	      option must be specified.

       -R FILE, --ca-cert=FILE
              The location of a PEM-formatted copy of the CA's certificate
              used to verify the TLS connection to the SCEP server.

              This option must be specified if the URL is an https location.

       -N FILE,	--signingca=FILE
	      The location of a	PEM-formatted copy of  the  SCEP  server's  CA
	      certificate.   A	discovered  value  is normally supplied	by the
	      certmonger daemon, but one can be	specified for  troubleshooting
	      purposes.

       -r FILE,	--ra-cert=FILE
	      The  location  of	a PEM-formatted	copy of	the SCEP server's RA's
	      certificate.  A discovered value is  normally  supplied  by  the
	      certmonger  daemon, but one can be specified for troubleshooting
	      purposes.

       -I FILE, --other-certs=FILE
              The location of a file containing other PEM-formatted
              certificates which may be needed in order to properly verify
              signed responses sent by the SCEP server back to the client.
              A discovered set is normally supplied by the certmonger daemon,
              but can be specified for troubleshooting purposes.

       -i ID, --id=ID
              A CA identifier value which will be passed to the server when
              the scep-submit helper is used to retrieve copies of the
              server's certificates.

       -n, --non-renewal
              The SCEP Renewal feature allows a client with a
              previously-issued certificate to use that certificate and the
              associated private key to request a new certificate for a
              different key pair, and can be used to support certmonger's
              rekeying feature if the SCEP server advertises support for it.
              This option forces the scep-submit helper to issue requests
              without making use of this feature.

       -v, --verbose
              Be verbose about errors. Normally, the details of an error
              received from the daemon will be suppressed if the client can
              make a diagnostic suggestion.
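
EXAMPLES
       The following wrapper is an added example, not part of the certmonger
       distribution. It enforces the rules stated under OPTIONS (-u is
       mandatory, -R is required for https URLs, certificate files must be
       PEM) before calling getcert. The function names, the GETCERT override
       variable, and the rejection of schemes other than http/https are
       assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight checks for `getcert add-scep-ca`.
# GETCERT is a hypothetical override so the wrapper can be dry-run
# (e.g. GETCERT=echo); by default the real getcert binary is invoked.

# is_pem_cert FILE: succeed if FILE is readable and holds a PEM certificate block.
is_pem_cert() {
    [ -r "$1" ] \
        && grep -q -e '-----BEGIN CERTIFICATE-----' -- "$1" \
        && grep -q -e '-----END CERTIFICATE-----' -- "$1"
}

# add_scep_ca_checked NICKNAME URL [TLS_CA_FILE]
# Returns 2 for a missing nickname or URL, 3 for https without -R,
# 4 for a non-PEM file, 5 for an unexpected URL scheme (assumption).
add_scep_ca_checked() {
    nick=$1 url=$2 tls_ca=${3:-}
    [ -n "$nick" ] || { echo "missing CA nickname (-c)" >&2; return 2; }
    [ -n "$url" ]  || { echo "missing SCEP URL (-u)" >&2; return 2; }
    case $url in
        https://*)
            # The TLS connection can only be verified with the CA cert from -R.
            [ -n "$tls_ca" ] || { echo "https URL requires -R FILE" >&2; return 3; }
            is_pem_cert "$tls_ca" || { echo "$tls_ca: not PEM" >&2; return 4; }
            "${GETCERT:-getcert}" add-scep-ca -c "$nick" -u "$url" -R "$tls_ca"
            ;;
        http://*)
            "${GETCERT:-getcert}" add-scep-ca -c "$nick" -u "$url"
            ;;
        *)
            echo "unexpected URL scheme: $url" >&2; return 5
            ;;
    esac
}

# Usage (constructed nickname, host and path):
#   add_scep_ca_checked corp-scep https://scep.example.test/scep /etc/ssl/scep-tls-ca.pem
```

       The nickname given here is the value later passed with -c to getcert's
       request, resubmit, and start-tracking commands.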

BUGS
       Please file tickets for any that you find at
       https://fedorahosted.org/certmonger/

SEE ALSO
       certmonger(8) getcert(1) getcert-add-ca(1) getcert-list-cas(1)
       getcert-list(1) getcert-modify-ca(1) getcert-refresh-ca(1)
       getcert-refresh(1) getcert-rekey(1) getcert-remove-ca(1)
       getcert-request(1) getcert-resubmit(1) getcert-status(1)
       getcert-stop-tracking(1) certmonger-certmaster-submit(8)
       certmonger-dogtag-ipa-renew-agent-submit(8)
       certmonger-dogtag-submit(8) certmonger-ipa-submit(8)
       certmonger-local-submit(8) certmonger-scep-submit(8)
       certmonger_selinux(8)

certmonger Manual	       February	24, 2015		 CERTMONGER(1)
