Provided by: certmonger_0.78.6-2_i386 bug




       getcert add-scep-ca [options]


       Adds  a  CA configuration to certmonger, which can subsequently be used
       to enroll certificates.  The configuration will use the  bundled  scep-
       submit  helper.   The add-scep-ca command is more or less a wrapper for
       the add-ca command.


       -c NAME
              The nickname to give to this CA configuration.  This same  value
              can  later  be  passed  in  to  getcert's request, resubmit, and
              start-tracking commands using the -c flag.

       -u URL The location of the SCEP server's  enrollment  interface.   This
              option must be specified.

       -R ca-certificate-file
              The  location  of a PEM-formatted copy of the SCEP server's CA's
              certificate.  A discovered value is supplied by  the  certmonger
              daemon  for  use  in verifying the signature on data returned by
              the SCEP server, but it is not used for verifying  HTTPS  server
              certificates.   This  option  must be specified if the URL is an
              https location.

       -r ra-certificate-file
              The location of a PEM-formatted copy of the SCEP  server's  RA's
              certificate.   A  discovered  value  is normally supplied by the
              certmonger daemon, but one can be specified for  troubleshooting

       -I other-certificates-file
              The   location   of   a   file  containing  other  PEM-formatted
              certificates which may be needed in  order  to  properly  verify
              signed  responses sent by the SCEP server back to the client.  A
              discovered set is normally supplied by  the  certmonger  daemon,
              but can be specified for troubleshooting purposes.

       -i identifier
              A  CA  identifier value which will passed to the server when the
              scep-submit helper is used to retrieve copies  of  the  server's

       -n     The  SCEP  Renewal  feature  allows  a client with a previously-
              issued certificate to use that certificate  and  the  associated
              private  key  to  request  a new certificate for a different key
              pair, and can be used to support certmonger's  rekeying  feature
              if  the  SCEP  server  advertises  support  for it.  This option
              forces the scep-submit helper to issue requests  without  making
              use of this feature.

       -v     Be  verbose  about  errors.   Normally,  the details of an error
              received from the daemon will be suppressed if  the  client  can
              make a diagnostic suggestion.


       Please     file     tickets     for    any    that    you    find    at


       certmonger(8) getcert(1) getcert-add-ca(1) getcert-list-cas(1) getcert-
       list(1)  getcert-modify-ca(1)  getcert-refresh-ca(1) getcert-refresh(1)
       getcert-remove-ca(1)  getcert-request(1)  getcert-resubmit(1)  getcert-
       status(1)    getcert-stop-tracking(1)   certmonger-certmaster-submit(8)
       certmonger-dogtag-ipa-renew-agent-submit(8) certmonger-dogtag-submit(8)
       certmonger-ipa-submit(8)   certmonger-local-submit(8)  certmonger-scep-
       submit(8) certmonger_selinux(8)