SCEPCLIENT(1)SCEPCLIENT(1)NAME
scepclient - request a certificate from a SCEP server, handle full pro‐
tocol
SYNOPSYS
scep [ options ] [ distinguished-name ]
DESCRIPTION
While scep(1) only performs one request to a SCEP server and does not
handle pending replies by trying again, scepclient handles the full
SCEP protocol. It does so be repeating calls to scep(1) until the cer‐
tificate is granted, refused or a timeout (too many retries) occurs.
The options needed to control the behavior of scepclient are essen‐
tially identical to those of scep.
OPTIONS
(not quite correct yet)
-d increase the debug level by one (although this may not really be
useful in this particular case).
-ccacertificate
specifies cacertificate as the file containing the certificate
of the certification authority we want our request to sign.
-rrequest
specifies the file to contain the request. Note that the first
call to scep generates the request from the private key speci‐
fied with the -k option and the distinguished name on the com‐
mand line.
-kkeyfile
The file keyfile contains the private key of the user in PEM
format.
-wchallenge
specifies the challenge password to include in the options of
the generated request. Note that this is only necessary in the
first request, when the request file does not exist yet. Later
requests for the certificate do no longer need the challenge
password.
-p directs scep to poll the server for a the certificate. This is
only needed if the first request provokes a `pending' reply.
-uurl Defines the URL to contact for SCEP requests. This will normally
be something like
http://openscep.othello.ch/cgi-bin
Note that the SCEP specification fixes the name of the CGI-pro‐
gram to pkiclient.exe which seems to be unnecessary restrictive.
RETURN CODE
Scepclient returns 0 if a certificate was retrieved, but 1 if not.
VERSION
This page documents scepconf as it appears in version 0.4.2 of Open‐
SCEP.
SEE ALSOscep(1)AUTHOR
Andreas F. Mueller <andreas.mueller@othello.ch>
OpenSCEP 02/19/16 SCEPCLIENT(1)