trustedge certificate scep
Usage |
|
Description | Uses SCEP for certificate enrollment, renewal, and key rekeying. |
Overview
TrustEdge certificate tool provides functionality for certificate enrollment, renewal, and key rekeying using the Simple Certificate Enrollment Protocol (SCEP).
Examples
TrustEdge certificate SCEP help (--help)
To view usage details and available options for TrustEdge certificate SCEP, use the --help
option:
trustedge certificate scep --help
Tip
You can add --help
to the end of any TrustEdge CLI command to view help information.
TAP hardware-based keys (--tap)
Important
In the following command examples, the keystore, CSR, and environment variables have been configured and the CA certificate has been downloaded.
Enroll a TAP key
trustedge certificate scep --scepc-serverURL ${SCEP_ENDPOINT} --scepc-serverType GEN_POST --csr-conf sample_scep_csr.cnf --algorithm RSA --size 2048 --key-alias myGenTap --scepc-challengePass ${SCEP_PASS} --scepc-pkiOperation PKCSReq --tap
Renew a TAP key
trustedge certificate scep --scepc-serverURL ${SCEP_ENDPOINT} --scepc-serverType GEN_POST --csr-conf sample_scep_csr.cnf --algorithm RSA --size 2048 --key-alias myGenTap --scepc-challengePass ${SCEP_PASS} --scepc-pkiOperation RenewalReq --tap
Rekey a TAP key with another TAP key
trustedge certificate scep --scepc-serverURL ${SCEP_ENDPOINT} --scepc-serverType GEN_POST --csr-conf sample_scep_csr.cnf --algorithm RSA --size 2048 --key-alias myGenTap --scepc-challengePass ${SCEP_PASS} --scepc-pkiOperation RekeyReq --tap
Enroll a password-protected TAP key
trustedge certificate scep --scepc-serverURL ${SCEP_ENDPOINT} --scepc-serverType GEN_POST --csr-conf sample_scep_csr.cnf --algorithm RSA --size 2048 --key-alias myGenTapPw --scepc-challengePass ${SCEP_PASS} --scepc-pkiOperation PKCSReq --tap --protect
Renew a password-protected TAP key
trustedge certificate scep --scepc-serverURL ${SCEP_ENDPOINT} --scepc-serverType GEN_POST --csr-conf sample_scep_csr.cnf --algorithm RSA --size 2048 --key-alias myGenTapPw --scepc-challengePass ${SCEP_PASS} --scepc-pkiOperation RenewalReq --tap --protect --original-key-pw
Rekey a password-protected TAP key with another
trustedge certificate scep --scepc-serverURL ${SCEP_ENDPOINT} --scepc-serverType GEN_POST --csr-conf sample_scep_csr.cnf --algorithm RSA --size 2048 --key-alias myGenTapPw --scepc-challengePass ${SCEP_PASS} --scepc-pkiOperation RekeyReq --tap --protect --original-key-pw