scepclient - request a certificate from a SCEP server, han-
dle full protocol
scep [ options ] [ distinguished-name ]
While scep(1) only performs one request to a SCEP server and
does not handle pending replies by trying again, scepclient
handles the full SCEP protocol. It does so be repeating
calls to scep(1) until the certificate is granted, refused
or a timeout (too many retries) occurs. The options needed
to control the behavior of scepclient are essentially ident-
ical to those of scep.
(not quite correct yet)
-d increase the debug level by one (although this may not
really be useful in this particular case).
specifies cacertificate as the file containing the cer-
tificate of the certification authority we want our
request to sign.
specifies the file to contain the request. Note that
the first call to scep generates the request from the
private key specified with the -k option and the dis-
tinguished name on the command line.
The file keyfile contains the private key of the user
in PEM format.
specifies the challenge password to include in the
options of the generated request. Note that this is
only necessary in the first request, when the request
file does not exist yet. Later requests for the certi-
ficate do no longer need the challenge password.
-p directs scep to poll the server for a the certificate.
This is only needed if the first request provokes a
Defines the URL to contact for SCEP requests. This will
normally be something like
Note that the SCEP specification fixes the name of the
CGI-program to pkiclient.exe which seems to be unneces-
Scepclient returns 0 if a certificate was retrieved, but 1
This page documents scepconf as it appears in version 0.3.8
Andreas F. Mueller <firstname.lastname@example.org>
Man(1) output converted with