NAME
scepclient - request a certificate from a SCEP server, han-
dle full protocol
SYNOPSYS
scep [ options ] [ distinguished-name ]
DESCRIPTION
While scep(1) only performs one request to a SCEP server and
does not handle pending replies by trying again, scepclient
handles the full SCEP protocol. It does so be repeating
calls to scep(1) until the certificate is granted, refused
or a timeout (too many retries) occurs. The options needed
to control the behavior of scepclient are essentially ident-
ical to those of scep.
OPTIONS
(not quite correct yet)
-d increase the debug level by one (although this may not
really be useful in this particular case).
-ccacertificate
specifies cacertificate as the file containing the cer-
tificate of the certification authority we want our
request to sign.
-rrequest
specifies the file to contain the request. Note that
the first call to scep generates the request from the
private key specified with the -k option and the dis-
tinguished name on the command line.
-kkeyfile
The file keyfile contains the private key of the user
in PEM format.
-wchallenge
specifies the challenge password to include in the
options of the generated request. Note that this is
only necessary in the first request, when the request
file does not exist yet. Later requests for the certi-
ficate do no longer need the challenge password.
-p directs scep to poll the server for a the certificate.
This is only needed if the first request provokes a
`pending' reply.
-uurl
Defines the URL to contact for SCEP requests. This will
normally be something like
http://openscep.othello.ch/cgi-bin
Note that the SCEP specification fixes the name of the
CGI-program to pkiclient.exe which seems to be unneces-
sary restrictive.
RETURN CODE
Scepclient returns 0 if a certificate was retrieved, but 1
if not.
VERSION
This page documents scepconf as it appears in version 0.3.8
of OpenSCEP.
SEE ALSO
scep(1)
AUTHOR
Andreas F. Mueller <andreas.mueller@othello.ch>
Man(1) output converted with
man2html