getcert add-scep-ca [options]
Adds a CA configuration to certmonger, which can
subsequently be used to enroll certificates. The configuration will use the
bundled scep-submit helper. The add-scep-ca command is more or
less a wrapper for the add-ca command.
- -c NAME, --ca=NAME
- The nickname to give to this CA configuration. This same value can later
be passed in to getcert's request, resubmit, and
start-tracking commands using the -c flag.
- -u URL, --url=URL
- The location of the SCEP server's enrollment interface. This option must
be specified.
- -R FILE, --ca-cacert=FILE
- The location of a PEM-formatted copy of the CA's certificate used to
verify the TLS connection to the SCEP server.
This option must be specified if the URL is an https
location.
- -N FILE, --signingca=FILE
- The location of a PEM-formatted copy of the SCEP server's CA certificate.
A discovered value is normally supplied by the certmonger daemon, but one
can be specified for troubleshooting purposes.
- -r FILE, --ra-cert=FILE
- The location of a PEM-formatted copy of the SCEP server's RA's
certificate. A discovered value is normally supplied by the certmonger
daemon, but one can be specified for troubleshooting purposes.
- -I FILE, --other-certs=FILE
- The location of a file containing other PEM-formatted certificates which
may be needed in order to properly verify signed responses sent by the
SCEP server back to the client. A discovered set is normally supplied by
the certmonger daemon, but can be specified for troubleshooting
purposes.
- -i ID, --id=ID
- A CA identifier value which will be passed to the server when the
scep-submit helper is used to retrieve copies of the server's
certificates.
- -n, --non-renewal
- The SCEP Renewal feature allows a client with a previously-issued
certificate to use that certificate and the associated private key to
request a new certificate for a different key pair, and can be used to
support certmonger's rekeying feature if the SCEP server advertises
support for it. This option forces the scep-submit helper to issue
requests without making use of this feature.
- -v, --verbose
- Be verbose about errors. Normally, the details of an error received from
the daemon will be suppressed if the client can make a diagnostic
suggestion.
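The -u and -R requirements above, as an added example that is not part of the certmonger documentation: a shell wrapper that refuses an https URL without a PEM CA file before it invokes getcert add-scep-ca. The function names, the GETCERT override variable, the wrapper's return codes, and any nickname, URL or path passed in are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: preflight checks before "getcert add-scep-ca".
# GETCERT is a hypothetical override so the call can be dry-run (GETCERT=echo).

# Shape check only: FILE is readable and holds a PEM certificate block.
# It does not prove the certificate is valid or belongs to the right CA.
is_pem_cert() {
    [ -r "$1" ] &&
        grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
        grep -q -- '-----END CERTIFICATE-----' "$1"
}

# scep_add_ca NAME URL [TLS_CA_PEM] [CA_ID]
# Wrapper return codes (assumed): 2 = bad nickname or URL,
# 3 = https URL without -R, 4 = -R file is not a PEM certificate.
scep_add_ca() {
    sc_name=$1 sc_url=$2 sc_tls_ca=${3:-} sc_id=${4:-}
    if [ -z "$sc_name" ]; then
        echo "missing CA nickname (-c)" >&2; return 2
    fi
    set -- add-scep-ca -c "$sc_name" -u "$sc_url"
    case $sc_url in
        https://*)
            # -R must be given for https so the TLS peer can be verified
            if [ -z "$sc_tls_ca" ]; then
                echo "https URL requires -R FILE" >&2; return 3
            fi
            if ! is_pem_cert "$sc_tls_ca"; then
                echo "$sc_tls_ca: not a readable PEM certificate" >&2; return 4
            fi
            set -- "$@" -R "$sc_tls_ca" ;;
        http://*) ;;  # no TLS connection, so -R is not passed
        *)
            # wrapper policy, not a getcert rule: accept only these schemes
            echo "URL must start with http:// or https://" >&2; return 2 ;;
    esac
    if [ -n "$sc_id" ]; then
        set -- "$@" -i "$sc_id"
    fi
    "${GETCERT:-getcert}" "$@"
}
```

Running it with GETCERT=echo prints the argument list instead of contacting the certmonger daemon.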
Please file tickets for any bugs that you find at
https://fedorahosted.org/certmonger/