Provided by: certmonger_0.79.17-2_amd64

NAME

       getcert

SYNOPSIS

       getcert add-scep-ca [options]

DESCRIPTION

       Adds  a  CA  configuration  to  certmonger,  which  can  subsequently  be  used  to enroll
       certificates.  The configuration will use the bundled scep-submit helper.  The add-scep-ca
       command is more or less a wrapper for the add-ca command.

OPTIONS

       All user-provided certificate files must be in PEM format.

       -c NAME, --ca=NAME
              The nickname to give to this CA configuration.  This same value can later be passed
              in to getcert's request, resubmit, and start-tracking commands using the -c flag.

       -u URL, --url=URL
              The location of the SCEP  server's  enrollment  interface.   This  option  must  be
              specified.

       -R FILE, --ca-cacert=FILE
              The location of a PEM-formatted copy of the CA's certificate used to verify the TLS
              connection to the SCEP server.

              This option must be specified if the URL is an https location.

       -N FILE, --signingca=FILE
              The location of a PEM-formatted copy  of  the  SCEP  server's  CA  certificate.   A
              discovered  value  is  normally  supplied  by the certmonger daemon, but one can be
              specified for troubleshooting purposes.

       -r FILE, --ra-cert=FILE
              The location of a PEM-formatted copy of the  SCEP  server's  RA's  certificate.   A
              discovered  value  is  normally  supplied  by the certmonger daemon, but one can be
              specified for troubleshooting purposes.

       -I FILE, --other-certs=FILE
              The location of a file containing other PEM-formatted  certificates  which  may  be
              needed in order to properly verify signed responses sent by the SCEP server back to
              the client.  A discovered set is normally supplied by the  certmonger  daemon,  but
              can be specified for troubleshooting purposes.

       -i ID, --id=ID
              A CA identifier value which will be passed to the server when the scep-submit helper
              is used to retrieve copies of the server's certificates.

       -n, --non-renewal
              The SCEP Renewal feature allows a client with a  previously-issued  certificate  to
              use  that  certificate  and the associated private key to request a new certificate
              for a different key pair, and can be used to support certmonger's rekeying  feature
              if  the  SCEP server advertises support for it.  This option forces the scep-submit
              helper to issue requests without making use of this feature.

       -v, --verbose
              Be verbose about errors.  Normally, the details  of  an  error  received  from  the
              daemon will be suppressed if the client can make a diagnostic suggestion.
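
EXAMPLES

       The following shell functions are an added example, not part of the original manual
       page or of certmonger itself.  They enforce two rules from OPTIONS before calling
       getcert: -R must accompany an https URL, and the certificate file must be PEM.
       Assumptions: the function names are hypothetical, the example always names the CA
       with -c, and it accepts only http:// and https:// URLs.

```shell
#!/bin/sh
# Added example: pre-flight checks before "getcert add-scep-ca".
# Function names are hypothetical; only -c, -u and -R from OPTIONS are used.

# is_pem_cert FILE: succeed if FILE is readable and contains PEM certificate markers.
is_pem_cert() {
    [ -r "$1" ] || return 1
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" &&
        grep -q -e '-----END CERTIFICATE-----' "$1"
}

# scep_ca_check NICKNAME URL [TLS_CA_FILE]
# Return 0 if the arguments pass the checks, else print a reason and return 1.
scep_ca_check() {
    name=$1 url=$2 tls_ca=${3:-}
    # Assumption of this example: the CA configuration is always given a nickname.
    [ -n "$name" ] || { echo "missing CA nickname (-c)" >&2; return 1; }
    case $url in
        https://*)
            # OPTIONS: -R must be specified if the URL is an https location.
            [ -n "$tls_ca" ] || { echo "https URL requires -R FILE" >&2; return 1; }
            ;;
        http://*) ;;
        # Assumption of this example: any other scheme is treated as a mistake.
        *) echo "URL (-u) must start with http:// or https://" >&2; return 1 ;;
    esac
    if [ -n "$tls_ca" ]; then
        # OPTIONS: all user-provided certificate files must be in PEM format.
        is_pem_cert "$tls_ca" || { echo "$tls_ca: not a PEM certificate" >&2; return 1; }
    fi
    return 0
}

# add_scep_ca NICKNAME URL [TLS_CA_FILE]: validate, then register the CA.
add_scep_ca() {
    scep_ca_check "$@" || return 1
    if [ -n "${3:-}" ]; then
        getcert add-scep-ca -c "$1" -u "$2" -R "$3"
    else
        getcert add-scep-ca -c "$1" -u "$2"
    fi
}
```

       The marker check only catches a file in the wrong format (for example DER); it does
       not establish that the certificate is the one that should be trusted.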

BUGS

       Please file tickets for any that you find at https://fedorahosted.org/certmonger/

SEE ALSO

       certmonger(8)    getcert(1)    getcert-add-ca(1)    getcert-list-cas(1)    getcert-list(1)
       getcert-modify-ca(1)     getcert-refresh-ca(1)     getcert-refresh(1)     getcert-rekey(1)
       getcert-remove-ca(1)      getcert-request(1)     getcert-resubmit(1)     getcert-status(1)
       getcert-stop-tracking(1)                                   certmonger-certmaster-submit(8)
       certmonger-dogtag-ipa-renew-agent-submit(8)                    certmonger-dogtag-submit(8)
       certmonger-ipa-submit(8)       certmonger-local-submit(8)        certmonger-scep-submit(8)
       certmonger_selinux(8)