scepclient - request a certificate from a SCEP server,  han-
     dle full protocol


     scep [ options ] [ distinguished-name ]


     While scep(1) only performs one request to a SCEP server and
     does  not handle pending replies by trying again, scepclient
     handles the full SCEP protocol.  It  does  so  be  repeating
     calls  to  scep(1) until the certificate is granted, refused
     or a timeout (too many retries) occurs.  The options  needed
     to control the behavior of scepclient are essentially ident-
     ical to those of scep.


     (not quite correct yet)

     -d   increase the debug level by one (although this may  not
          really be useful in this particular case).

          specifies cacertificate as the file containing the cer-
          tificate  of  the  certification  authority we want our
          request to sign.

          specifies the file to contain the  request.  Note  that
          the  first  call to scep generates the request from the
          private key specified with the -k option and  the  dis-
          tinguished name on the command line.

          The file keyfile contains the private key of  the  user
          in PEM format.

          specifies the challenge  password  to  include  in  the
          options  of  the  generated  request. Note that this is
          only necessary in the first request, when  the  request
          file  does not exist yet. Later requests for the certi-
          ficate do no longer need the challenge password.

     -p   directs scep to poll the server for a the  certificate.
          This  is  only  needed  if the first request provokes a
          `pending' reply.

          Defines the URL to contact for SCEP requests. This will
          normally be something like

          Note that the SCEP specification fixes the name of  the
          CGI-program to pkiclient.exe which seems to be unneces-
          sary restrictive.


     Scepclient returns 0 if a certificate was retrieved,  but  1
     if not.


     This page documents scepconf as it appears in version  0.3.8
     of OpenSCEP.




     Andreas F. Mueller <>

Man(1) output converted with man2html