Provided by: certmonger_0.79.5-3ubuntu1_amd64 bug

NAME
       getcert


SYNOPSIS
       getcert add-scep-ca [options]


DESCRIPTION
       Adds  a  CA  configuration  to  certmonger,  which  can subsequently be used to enroll certificates.  The
       configuration will use the bundled scep-submit helper.  The add-scep-ca command is more or less a wrapper
       for the add-ca command.


OPTIONS
       -c NAME
              The  nickname  to  give  to  this  CA  configuration.   This  same value can later be passed in to
              getcert's request, resubmit, and start-tracking commands using the -c flag.

       -u URL The location of the SCEP server's enrollment interface.  This option must be specified.

       -R ca-certificate-file
              The location of a PEM-formatted copy of the SCEP server's CA's certificate.  A discovered value is
              supplied  by the certmonger daemon for use in verifying the signature on data returned by the SCEP
              server, but it is not used for verifying HTTPS server certificates.  This option must be specified
              if the URL is an https location.

       -r ra-certificate-file
              The location of a PEM-formatted copy of the SCEP server's RA's certificate.  A discovered value is
              normally supplied by the certmonger daemon, but one can be specified for troubleshooting purposes.

       -I other-certificates-file
              The location of a file containing other PEM-formatted certificates which may be needed in order to
              properly  verify signed responses sent by the SCEP server back to the client.  A discovered set is
              normally supplied by the certmonger daemon, but can be specified for troubleshooting purposes.

       -i identifier
              A CA identifier value which will passed to the server when  the  scep-submit  helper  is  used  to
              retrieve copies of the server's certificates.

       -n     The  SCEP  Renewal  feature  allows  a  client  with  a  previously-issued certificate to use that
              certificate and the associated private key to request a new certificate for a different key  pair,
              and can be used to support certmonger's rekeying feature if the SCEP server advertises support for
              it.  This option forces the scep-submit helper to  issue  requests  without  making  use  of  this
              feature.

       -v     Be  verbose  about  errors.   Normally,  the  details of an error received from the daemon will be
              suppressed if the client can make a diagnostic suggestion.


BUGS
       Please file tickets for any that you find at https://fedorahosted.org/certmonger/


SEE ALSO
       certmonger(8)  getcert(1)  getcert-add-ca(1)  getcert-list-cas(1)  getcert-list(1)   getcert-modify-ca(1)
       getcert-refresh-ca(1)   getcert-refresh(1)   getcert-rekey(1)   getcert-remove-ca(1)   getcert-request(1)
       getcert-resubmit(1)    getcert-status(1)     getcert-stop-tracking(1)     certmonger-certmaster-submit(8)
       certmonger-dogtag-ipa-renew-agent-submit(8)      certmonger-dogtag-submit(8)     certmonger-ipa-submit(8)
       certmonger-local-submit(8) certmonger-scep-submit(8) certmonger_selinux(8)