Provided by: certmonger_0.78.6-3_amd64 bug

NAME
       getcert


SYNOPSIS
       getcert add-scep-ca [options]


DESCRIPTION
       Adds  a  CA  configuration  to  certmonger,  which  can subsequently be used to enroll certificates.  The
       configuration will use the bundled scep-submit helper.  The add-scep-ca command is more or less a wrapper
       for the add-ca command.


OPTIONS
       -c NAME
              The nickname to give to this CA configuration.   This  same  value  can  later  be  passed  in  to
              getcert's request, resubmit, and start-tracking commands using the -c flag.

       -u URL The location of the SCEP server's enrollment interface.  This option must be specified.

       -R ca-certificate-file
              The location of a PEM-formatted copy of the SCEP server's CA's certificate.  A discovered value is
              supplied  by the certmonger daemon for use in verifying the signature on data returned by the SCEP
              server, but it is not used for verifying HTTPS server certificates.  This option must be specified
              if the URL is an https location.

       -r ra-certificate-file
              The location of a PEM-formatted copy of the SCEP server's RA's certificate.  A discovered value is
              normally supplied by the certmonger daemon, but one can be specified for troubleshooting purposes.

       -I other-certificates-file
              The location of a file containing other PEM-formatted certificates which may be needed in order to
              properly verify signed responses sent by the SCEP server back to the client.  A discovered set  is
              normally supplied by the certmonger daemon, but can be specified for troubleshooting purposes.

       -i identifier
              A  CA  identifier  value  which  will  passed to the server when the scep-submit helper is used to
              retrieve copies of the server's certificates.

       -n     The SCEP Renewal feature allows  a  client  with  a  previously-issued  certificate  to  use  that
              certificate  and the associated private key to request a new certificate for a different key pair,
              and can be used to support certmonger's rekeying feature if the SCEP server advertises support for
              it.  This option forces the scep-submit helper to  issue  requests  without  making  use  of  this
              feature.

       -v     Be  verbose  about  errors.   Normally,  the  details of an error received from the daemon will be
              suppressed if the client can make a diagnostic suggestion.


BUGS
       Please file tickets for any that you find at https://fedorahosted.org/certmonger/


SEE ALSO
       certmonger(8)  getcert(1)  getcert-add-ca(1)  getcert-list-cas(1)  getcert-list(1)   getcert-modify-ca(1)
       getcert-refresh-ca(1)   getcert-refresh(1)  getcert-remove-ca(1)  getcert-request(1)  getcert-resubmit(1)
       getcert-status(1) getcert-stop-tracking(1)  certmonger-certmaster-submit(8)  certmonger-dogtag-ipa-renew-
       agent-submit(8)     certmonger-dogtag-submit(8)    certmonger-ipa-submit(8)    certmonger-local-submit(8)
       certmonger-scep-submit(8) certmonger_selinux(8)

certmonger Manual                               24 February 2015                                   certmonger(1)