PKI SCEP QUERY

Level

pki,modify LICENCE PKI

History

Appears in Netasq 9.0.2
renew appears in 2.5.0
post appears in 3.9.0
Profile loading appears in 3.9.0
tpm appears in 3.10.0
force appears in 4.2.0
force removed in 4.7.0

Description

Generate a private key locally and request a new certificate from the remote host.

Example

PKI SCEP QUERY type=user caname=remote_autority password="SCEP_challenge" url="http://microsoftPKI/certsrv/mscep/mscep.dll" CN="John Doe" E=j.doe@company.com UPN="john.doe@COMPANY.DOMAIN"
PKI SCEP QUERY type=server CN="www.company.com" size=1024 caname=remote_autority password="SCEP_challenge" url="http://ciscoPKI/cgi-bin/scep/scep" ALTNAMES="*.companie.com;companie.com;10.1.2.3"
PKI SCEP QUERY type=server size=1024 caname=remote_autority password= url="http://ciscoPKI/cgi-bin/scep/scep" renew="remote_autority:previous_certificate"

Usage

type=<user|server|smartcard|ca>
password=<The SCEP password to use, leave blank if none>
caname=<name>
url=<HTTP URL>
[bindaddr=<host or IP>]
[bindport=<port>]
[post=ON|off]
[UPN=<userPrincipalName>]
[ALTNAMES=<list of IP addresses or FQDNs separated by ;>]
[renew=<pki_ca:pki_certificate>]
[scepcaname=<pki_ca: used to communicate with the server if different from the signing one>]
[CN=<name>] : required on creation. Optional for renewal
[C=<country>]
[ST=<state>]
[L=<locality>]
[O=<organisation>]
[OU=<unit>]
[E=<email>]
[UA=<unstructuredAddress>]
[UN=<unstructuredName>]
[S=<serial>]
[tpm=<none|ondisk>]
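
A pre-flight check for commands built from the usage above, as an added example that is not part of the original reference. It assumes shell-style quoting, parameter names that are case-sensitive as written on this page, and a local policy minimum of 2048 bits for size (a parameter that appears only in the examples, not in the usage list).

```python
import shlex

# Parameter names and values come from the Usage section; "size" appears only
# in the page's examples. MIN_KEY_BITS is an assumed local policy value.
TYPES = {"user", "server", "smartcard", "ca"}
REQUIRED = ("type", "password", "caname", "url")
OPTIONAL = {"bindaddr", "bindport", "post", "UPN", "ALTNAMES", "renew", "scepcaname",
            "CN", "C", "ST", "L", "O", "OU", "E", "UA", "UN", "S", "tpm", "size"}
MIN_KEY_BITS = 2048


def lint_scep_query(command):
    """Return a list of findings for one PKI SCEP QUERY command line."""
    tokens = shlex.split(command)  # assumption: CLI quoting behaves like POSIX shell quoting
    if [t.upper() for t in tokens[:3]] != ["PKI", "SCEP", "QUERY"]:
        return ["not a PKI SCEP QUERY command"]
    params, findings = {}, []
    for tok in tokens[3:]:
        key, sep, value = tok.partition("=")
        if not sep:
            findings.append(f"token without '=': {tok}")
        elif key not in OPTIONAL and key not in REQUIRED:
            findings.append(f"unknown parameter: {key}")
        else:
            params[key] = value
    findings += [f"missing required parameter: {k}" for k in REQUIRED if k not in params]
    if "type" in params and params["type"] not in TYPES:
        findings.append(f"invalid type: {params['type']}")
    if "renew" in params:
        # Renewal: CN is optional, but the reference must name both CA and certificate.
        if ":" not in params["renew"]:
            findings.append("renew must be <pki_ca:pki_certificate>")
    elif "CN" not in params:
        findings.append("CN is required on creation")
    if params.get("tpm", "none") not in {"none", "ondisk"}:
        findings.append(f"invalid tpm value: {params['tpm']}")
    if params.get("password") == "":
        findings.append("blank SCEP password (no challenge set)")
    if params.get("size", "").isdigit() and int(params["size"]) < MIN_KEY_BITS:
        findings.append(f"key size {params['size']} is below {MIN_KEY_BITS} bits")
    return findings


if __name__ == "__main__":
    # Third example from this page: a renewal with a blank password and size=1024.
    for finding in lint_scep_query('PKI SCEP QUERY type=server size=1024 caname=remote_autority '
                                   'password= url="http://ciscoPKI/cgi-bin/scep/scep" '
                                   'renew="remote_autority:previous_certificate"'):
        print(finding)
```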

Format

section

Returns

In case of success:
[Result]
status=SUCCESS
name=<certificate name>

In case of failure:
[Result]
status=REJECT
reason=<reason string>

In case of pending result:
[Result]
status=PENDING
transaction=<transactionID>