DragonFly On-Line Manual Pages

Search: Section:  

SCEPCLIENT(1)          DragonFly General Commands Manual         SCEPCLIENT(1)


NAME

       scepclient - request a certificate from a SCEP server, handle full
       protocol


SYNOPSYS

       scep [ options ] [ distinguished-name ]


DESCRIPTION

       While scep(1) only performs one request to a SCEP server and does not
       handle pending replies by trying again, scepclient handles the full
       SCEP protocol.  It does so be repeating calls to scep(1) until the
       certificate is granted, refused or a timeout (too many retries) occurs.
       The options needed to control the behavior of scepclient are
       essentially identical to those of scep.


OPTIONS

       (not quite correct yet)

       -d     increase the debug level by one (although this may not really be
              useful in this particular case).

       -ccacertificate
              specifies cacertificate as the file containing the certificate
              of the certification authority we want our request to sign.

       -rrequest
              specifies the file to contain the request. Note that the first
              call to scep generates the request from the private key
              specified with the -k option and the distinguished name on the
              command line.

       -kkeyfile
              The file keyfile contains the private key of the user in PEM
              format.

       -wchallenge
              specifies the challenge password to include in the options of
              the generated request. Note that this is only necessary in the
              first request, when the request file does not exist yet. Later
              requests for the certificate do no longer need the challenge
              password.

       -p     directs scep to poll the server for a the certificate. This is
              only needed if the first request provokes a `pending' reply.

       -uurl  Defines the URL to contact for SCEP requests. This will normally
              be something like

              http://openscep.othello.ch/cgi-bin

              Note that the SCEP specification fixes the name of the CGI-
              program to pkiclient.exe which seems to be unnecessary
              restrictive.


RETURN CODE

       Scepclient returns 0 if a certificate was retrieved, but 1 if not.


VERSION

       This page documents scepconf as it appears in version 0.4.2 of
       OpenSCEP.


SEE ALSO

       scep(1)


AUTHOR

       Andreas F. Mueller <andreas.mueller@othello.ch>

OpenSCEP                           02/19/16                      SCEPCLIENT(1)

Search: Section: