plucky (1) getcert-add-scep-ca.1.gz

Provided by: certmonger_0.79.20-2_amd64

NAME

       getcert

SYNOPSIS

       getcert add-scep-ca [options]

DESCRIPTION

       Adds  a  CA  configuration  to  certmonger,  which  can subsequently be used to enroll certificates.  The
       configuration will use the bundled scep-submit helper.  The add-scep-ca command is more or less a wrapper
       for the add-ca command.

OPTIONS

       All user-provided certificate files must be in PEM format.

       -c NAME, --ca=NAME
              The  nickname  to  give  to  this  CA  configuration.   This  same value can later be passed in to
              getcert's request, resubmit, and start-tracking commands using the -c flag.

       -u URL, --url=URL
              The location of the SCEP server's enrollment interface.  This option must be specified.

       -R FILE, --ca-cert=FILE
              The location of a PEM-formatted copy of the CA's certificate used to verify the TLS connection to
              the SCEP server.

              This option must be specified if the URL is an https location.

       -N FILE, --signingca=FILE
              The  location  of a PEM-formatted copy of the SCEP server's CA certificate.  A discovered value is
              normally supplied by the certmonger daemon, but one can be specified for troubleshooting purposes.

       -r FILE, --ra-cert=FILE
              The location of a PEM-formatted copy of the SCEP server's RA's certificate.  A discovered value is
              normally supplied by the certmonger daemon, but one can be specified for troubleshooting purposes.

       -I FILE, --other-certs=FILE
              The location of a file containing other PEM-formatted certificates which may be needed in order to
              properly verify signed responses sent by the SCEP server back to the client.  A discovered set  is
              normally supplied by the certmonger daemon, but can be specified for troubleshooting purposes.

       -i ID, --id=ID
              A CA identifier value which will be passed to the server when the scep-submit helper is used to
              retrieve copies of the server's certificates.

       -n, --non-renewal
              The SCEP Renewal feature allows  a  client  with  a  previously-issued  certificate  to  use  that
              certificate  and the associated private key to request a new certificate for a different key pair,
              and can be used to support certmonger's rekeying feature if the SCEP server advertises support for
              it.   This  option  forces  the  scep-submit  helper  to issue requests without making use of this
              feature.

       -v, --verbose
              Be verbose about errors.  Normally, the details of an error  received  from  the  daemon  will  be
              suppressed if the client can make a diagnostic suggestion.
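
       An added example, not part of certmonger or this manual page: a shell preflight that applies the two
       rules stated above (-R is required for an https URL, and certificate files must be PEM) before printing
       the getcert add-scep-ca command to run.  The function names, exit codes, the nickname corp-scep and the
       host scep.example.test are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: preflight for `getcert add-scep-ca` (not certmonger's own code).
# Function names and exit codes are this example's own.

# is_pem_cert FILE: succeed if FILE carries PEM certificate BEGIN/END markers.
# Marker check only; it does not parse or validate the certificate.
is_pem_cert() {
    [ -r "$1" ] &&
        grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
        grep -q -- '-----END CERTIFICATE-----' "$1"
}

# scep_ca_cmd NAME URL [TLS_CA_FILE]
# Prints the command line on stdout (arguments unquoted: assumes no whitespace).
# Returns: 2 = NAME or URL missing, 3 = https URL without -R,
#          4 = -R file is not PEM, 5 = unsupported URL scheme.
scep_ca_cmd() {
    name=$1 url=$2 tls_ca=${3:-}
    [ -n "$name" ] && [ -n "$url" ] || { echo "NAME and URL are required" >&2; return 2; }
    case $url in
        https://*)
            [ -n "$tls_ca" ] || { echo "https URL requires -R FILE" >&2; return 3; }
            is_pem_cert "$tls_ca" || { echo "$tls_ca: not a PEM certificate" >&2; return 4; }
            printf 'getcert add-scep-ca -c %s -u %s -R %s\n' "$name" "$url" "$tls_ca"
            ;;
        http://*)
            # Plain http: there is no TLS connection for -R to verify.
            echo "note: $url is not protected by TLS" >&2
            printf 'getcert add-scep-ca -c %s -u %s\n' "$name" "$url"
            ;;
        *)
            echo "unsupported URL scheme: $url" >&2; return 5 ;;
    esac
}

# Demo with a constructed file that only carries the PEM markers (not a real CA).
demo=$(mktemp)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' >"$demo"
scep_ca_cmd corp-scep https://scep.example.test/scep "$demo"
rm -f "$demo"
```

       The nickname passed as NAME is the value later given to getcert's request, resubmit, and start-tracking
       commands with -c.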

BUGS

       Please file tickets for any that you find at https://fedorahosted.org/certmonger/

SEE ALSO

       certmonger(8)   getcert(1)  getcert-add-ca(1)  getcert-list-cas(1)  getcert-list(1)  getcert-modify-ca(1)
       getcert-refresh-ca(1)   getcert-refresh(1)   getcert-rekey(1)   getcert-remove-ca(1)   getcert-request(1)
       getcert-resubmit(1)     getcert-status(1)     getcert-stop-tracking(1)    certmonger-certmaster-submit(8)
       certmonger-dogtag-ipa-renew-agent-submit(8)     certmonger-dogtag-submit(8)      certmonger-ipa-submit(8)
       certmonger-local-submit(8) certmonger-scep-submit(8) certmonger_selinux(8)