Provided by: certmonger_0.79.5-3ubuntu1_amd64 bug

NAME

       getcert

SYNOPSIS

       getcert add-scep-ca [options]

DESCRIPTION

       Adds  a  CA  configuration  to  certmonger,  which  can  subsequently  be  used  to enroll
       certificates.  The configuration will use the bundled scep-submit helper.  The add-scep-ca
       command is more or less a wrapper for the add-ca command.

OPTIONS

       -c NAME
              The nickname to give to this CA configuration.  This same value can later be passed
              in to getcert's request, resubmit, and start-tracking commands using the -c flag.

       -u URL The location of the SCEP  server's  enrollment  interface.   This  option  must  be
              specified.

       -R ca-certificate-file
              The  location  of  a  PEM-formatted  copy of the SCEP server's CA's certificate.  A
              discovered value is supplied by the certmonger daemon  for  use  in  verifying  the
              signature  on  data  returned  by the SCEP server, but it is not used for verifying
              HTTPS server certificates.  This option must be specified if the URL  is  an  https
              location.

       -r ra-certificate-file
              The  location  of  a  PEM-formatted  copy of the SCEP server's RA's certificate.  A
              discovered value is normally supplied by the certmonger  daemon,  but  one  can  be
              specified for troubleshooting purposes.

       -I other-certificates-file
              The  location  of  a  file containing other PEM-formatted certificates which may be
              needed in order to properly verify signed responses sent by the SCEP server back to
              the  client.   A  discovered set is normally supplied by the certmonger daemon, but
              can be specified for troubleshooting purposes.

       -i identifier
              A CA identifier value which will passed to the server when the  scep-submit  helper
              is used to retrieve copies of the server's certificates.

       -n     The  SCEP  Renewal  feature allows a client with a previously-issued certificate to
              use that certificate and the associated private key to request  a  new  certificate
              for  a different key pair, and can be used to support certmonger's rekeying feature
              if the SCEP server advertises support for it.  This option forces  the  scep-submit
              helper to issue requests without making use of this feature.

       -v     Be  verbose  about  errors.   Normally,  the  details of an error received from the
              daemon will be suppressed if the client can make a diagnostic suggestion.

BUGS

       Please file tickets for any that you find at https://fedorahosted.org/certmonger/

SEE ALSO

       certmonger(8) getcert(1) getcert-add-ca(1)  getcert-list-cas(1)  getcert-list(1)  getcert-
       modify-ca(1)  getcert-refresh-ca(1)  getcert-refresh(1)  getcert-rekey(1)  getcert-remove-
       ca(1) getcert-request(1)  getcert-resubmit(1)  getcert-status(1)  getcert-stop-tracking(1)
       certmonger-certmaster-submit(8)   certmonger-dogtag-ipa-renew-agent-submit(8)  certmonger-
       dogtag-submit(8)  certmonger-ipa-submit(8)   certmonger-local-submit(8)   certmonger-scep-
       submit(8) certmonger_selinux(8)