PKI SCEP GETCACERT

Level

pki,modify LICENCE PKI

History

Appears in 3.9.0

Description

Check/Display and/or import the root CA for SCEP certificates

Cache category

pki

Usage

url=<SCEP server's URL>
[fingerprint=<SCEP CA's hash>]
[caname=<user ID for installed CA>]
[post=ON|off]
Display the fingerprint if only the url is supplied
Compare to the given fingerprint if the url AND a fingerprint are provided
Import the CA under caname if its fingerprint matches the given one.

Example

Get the CA's SHA256 fingerprint from a SCEP server
PKI SCEP GETCACERT url="http://192.168.1.1/scep_service/" post=on
101 code=01101000 msg="CA's Fingerprint" format="section_line"
[Result]
url="http://192.168.1.1/scep_service/"
fingerprint="XXXXXXXXXXXXXXXXXXXXXX"
100 code=00a00100 msg="Ok"

Check the fingerprint of a SCEP server
PKI SCEP GETCACERT url="http://192.168.1.1/scep_service/" fingerprint="XXXXXXXXXXXXXXXXXXXXXX" post=off
101 code=01101000 msg="CA's Fingerprint" format="section_line"
[Result]
url="http://192.168.1.1/scep_service/"
input_fingerprint="XXXXXXXXXXXXXXXXXXXXXX"
fingerprint="XXXXXXXXXXXXXXXXXXXXXX"
100 code=00a00100 msg="Ok" / 200 code=00a00100 msg="Failed" (depending on whether the fingerprints match)

Import the CA if it matches the given fingerprint
- The url parameter can be read from the configuration file (PKI SCEP UPDATE)
PKI SCEP GETCACERT fingerprint="XXXXXXXXXXXXXXXXXXXXXX" caname="My_scep_ca" [url="http://192.168.1.1/scep_service/"]

Returns

The server url and its CA's fingerprint
The import name if required.
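
Added example (not part of the original reference or the product's tooling): a Python gate that parses a response laid out like the fingerprint check example above and allows the import step only when the final status is 100 and the reported fingerprint equals a pinned value. It assumes the pinned value was obtained out of band from the CA administrator and that fingerprints are hexadecimal; the function names and sample values are constructed for illustration.

```python
import re

# Constructed sample response, laid out like the page's "Check the fingerprint" example.
# The fingerprint values are short made-up placeholders, not real hashes.
SAMPLE = '''101 code=01101000 msg="CA's Fingerprint" format="section_line"
[Result]
url="http://192.168.1.1/scep_service/"
input_fingerprint="AA:BB:CC:DD"
fingerprint="aabbccdd"
100 code=00a00100 msg="Ok"
'''

STATUS = re.compile(r'^(\d{3}) code=\w+ msg="[^"]*"')
FIELD = re.compile(r'^(\w+)="(.*)"$')

def parse_response(text):
    """Return (last status code, key/value fields) from a command response."""
    status, fields = None, {}
    for line in text.splitlines():
        line = line.strip()
        m = STATUS.match(line)
        if m:
            status = int(m.group(1))  # the last status line is the final result
            continue
        m = FIELD.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return status, fields

def normalize(fp):
    """Drop separators and case so 'AA:BB' and 'aabb' compare equal (hex assumed)."""
    return re.sub(r'[^0-9a-f]', '', fp.lower())

def ca_is_trusted(text, pinned_fp):
    """True only if the command ended with 100 and the reported CA fingerprint is the pinned one."""
    status, fields = parse_response(text)
    reported = normalize(fields.get("fingerprint", ""))
    pinned = normalize(pinned_fp)
    # Fail closed: an empty fingerprint on either side never counts as a match.
    if status != 100 or not reported or not pinned:
        return False
    return reported == pinned

if __name__ == "__main__":
    print("import allowed:", ca_is_trusted(SAMPLE, "AA:BB:CC:DD"))
```

Pinning against a value taken from the same server in a url-only call only confirms that the server is consistent with itself, so the comparison value should come from a separate channel.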