getcert

       Please file tickets for any that you find at https://fedorahosted.org/certmonger/

       Adds  a  CA  configuration  to  certmonger,  which  can subsequently be used to enroll certificates.  The
       configuration will use the bundled scep-submit helper.  The add-scep-ca command is more or less a wrapper
       for the add-ca command.

       getcert

       All user-provided certificate files must be in PEM format.

       -cNAME, --ca=NAME
              The nickname to give to this CA configuration.   This  same  value  can  later  be  passed  in  to
              getcert's request, resubmit, and start-tracking commands using the -c flag.

       -uURL, --url=URL
              The location of the SCEP server's enrollment interface.  This option must be specified.

       -RFILE, --ca-cert=FILE
              The location of a PEM-formatted copy of the CA's certificate used to verify the TLS connection the
              SCEP server.

              This option must be specified if the URL is an https location.

       -NFILE, --signingca=FILE
              The  location  of a PEM-formatted copy of the SCEP server's CA certificate.  A discovered value is
              normally supplied by the certmonger daemon, but one can be specified for troubleshooting purposes.

       -rFILE, --ra-cert=FILE
              The location of a PEM-formatted copy of the SCEP server's RA's certificate.  A discovered value is
              normally supplied by the certmonger daemon, but one can be specified for troubleshooting purposes.

       -IFILE, --other-certs=FILE
              The location of a file containing other PEM-formatted certificates which may be needed in order to
              properly verify signed responses sent by the SCEP server back to the client.  A discovered set  is
              normally supplied by the certmonger daemon, but can be specified for troubleshooting purposes.

       -iID, --id=ID
              A  CA  identifier  value  which  will  passed to the server when the scep-submit helper is used to
              retrieve copies of the server's certificates.

       -n, --non-renewal
              The SCEP Renewal feature allows  a  client  with  a  previously-issued  certificate  to  use  that
              certificate  and the associated private key to request a new certificate for a different key pair,
              and can be used to support certmonger's rekeying feature if the SCEP server advertises support for
              it.  This option forces the scep-submit helper to  issue  requests  without  making  use  of  this
              feature.

       -v, --verbose
              Be  verbose  about  errors.   Normally,  the  details of an error received from the daemon will be
              suppressed if the client can make a diagnostic suggestion.

certmonger(8)  getcert(1)  getcert-add-ca(1)  getcert-list-cas(1)  getcert-list(1)   getcert-modify-ca(1)
       getcert-refresh-ca(1)   getcert-refresh(1)   getcert-rekey(1)   getcert-remove-ca(1)   getcert-request(1)
       getcert-resubmit(1)    getcert-status(1)     getcert-stop-tracking(1)     certmonger-certmaster-submit(8)
       certmonger-dogtag-ipa-renew-agent-submit(8)      certmonger-dogtag-submit(8)     certmonger-ipa-submit(8)
       certmonger-local-submit(8) certmonger-scep-submit(8) certmonger_selinux(8)

certmonger Manual                               February 24, 2015                                  CERTMONGER(1)

       getcert add-scep-ca [options]