PKI SCEP QUERY

Level

pki+modify LICENCE PKI

History

Appears in 9.0.2
renew appears in 2.5.0
post appears in 3.9.0
Profile loading appears in 3.9.0

Description

Generate a private key locally and query a new certificate on the remote host.
CACHE_CATEGORY pki

Example

PKI SCEP QUERY type=user caname=remote_autority password="SCEP_challenge" url="http://microsoftPKI/certsrv/mscep/mscep.dll" CN="John Doe" E=j.doe@company.com UPN="john.doe@COMPANY.DOMAIN"
PKI SCEP QUERY type=server CN="www.company.com" size=1024 caname=remote_autority password="SCEP_challenge" url="http://ciscoPKI/cgi-bin/scep/scep" ALTNAMES="*.companie.com;companie.com;10.1.2.3"
PKI SCEP QUERY type=server size=1024 caname=remote_autority password= url="http://ciscoPKI/cgi-bin/scep/scep" renew="remote_autority:previous_certificate"

Implementation notes

If a profile was previously set for the given authority ([caname]), it is used and completed with the given parameters
If no profile exists, an attempt is made with the given parameters
Specify the authority of the peer ([caname=authority]); otherwise the default authority is used
The password is the remote SCEP challenge to use
Microsoft SCEP does not support AltNames with IPs
To renew a certificate, give it in the renew parameter. The name of the new certificate will be guessed from it

Usage

type=<user|server|smartcard|ca>
password=<The SCEP password to use, leave blank if none>
caname=<name>
url=<HTTP URL>
[bindaddr=<host or IP>]
[bindport=<port>]
[post=ON|off]
[UPN=<userPrincipalName>]
[ALTNAMES=<list of ip or fqdn name separated by ;>]
[renew=<pki_ca:pki_certificate>]
[scepcaname=<pki_ca: used to communicate with the server if different from the signing one>]
[CN=<name>] : required on creation, optional for renewal
[C=<country>]
[ST=<state>]
[L=<locality>]
[O=<organisation>]
[OU=<unit>]
[E=<email>]
[UA=<unstructuredAddress>]
[UN=<unstructuredName>]
[S=<serial>]

Format

section

Returns

In case of success :
[Result]
status=SUCCESS
name=<certificate name>

In case of failure :
[Result]
status=REJECT
reason=<reason string>

In case of pending result :
[Result]
status=PENDING
transaction=<transactionID>
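
Added example (not part of the original reference or of the product): a pre-flight check that applies the rules from the Implementation notes and Usage sections to a PKI SCEP QUERY line before it is sent. The function names, the microsoft_scep flag, the case-insensitive parameter matching, the reading of size= as an RSA modulus length in bits and the 2048-bit floor are assumptions of this example.

```python
import ipaddress
import shlex

TYPES = {"user", "server", "smartcard", "ca"}
REQUIRED = ("type", "password", "caname", "url")  # unbracketed in Usage
# Constructed sample: host, CA name and subject are placeholders.
SAMPLE = ('PKI SCEP QUERY type=server CN="www.example.test" size=1024 '
          'caname=ca1 password= url="http://scep.example.test/scep" '
          'ALTNAMES="*.example.test;10.1.2.3"')

def parse_query(line):
    """Split a PKI SCEP QUERY line into a {parameter: value} dict."""
    tokens = shlex.split(line)  # honours the double-quoted values
    if [t.upper() for t in tokens[:3]] != ["PKI", "SCEP", "QUERY"]:
        raise ValueError("not a PKI SCEP QUERY command")
    params = {}
    for tok in tokens[3:]:
        key, sep, value = tok.partition("=")
        if not sep:
            raise ValueError(f"malformed parameter: {tok!r}")
        params[key.lower()] = value  # assumption: names are case-insensitive
    return params

def is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def lint_query(line, microsoft_scep=False):
    """Return the problems found in a command line before it is sent."""
    p = parse_query(line)
    issues = [f"missing {k}=" for k in REQUIRED if k not in p]
    if "type" in p and p["type"] not in TYPES:
        issues.append(f"unknown type {p['type']!r}")
    renew = p.get("renew")
    if renew is None and not p.get("cn"):
        issues.append("CN is required when creating a certificate")
    if renew is not None and not all(renew.partition(":")[::2]):
        issues.append("renew must be <pki_ca:pki_certificate>")
    ips = [n for n in p.get("altnames", "").split(";") if is_ip(n)]
    if microsoft_scep and ips:
        issues.append(f"Microsoft SCEP does not support IP AltNames: {ips}")
    # Assumption: size= is the RSA modulus length in bits.
    if p.get("size", "").isdigit() and int(p["size"]) < 2048:
        issues.append(f"size={p['size']} is below 2048 bits")
    return issues
```

Set microsoft_scep=True when the url points at a Microsoft SCEP service; an empty list means none of these checks failed.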