Skip to main content

trustedge certificate scep

Usage

trustedge certificate scep [options]

Description

Uses SCEP for certificate enrollment, renewal, and key rekeying.

Overview

TrustEdge certificate tool provides functionality for certificate enrollment, renewal, and key rekeying using the Simple Certificate Enrollment Protocol (SCEP).

Examples

TrustEdge certificate SCEP help (--help)

To view usage details and available options for TrustEdge certificate SCEP, use the --help option:

trustedge certificate scep --help

Tip

You can add --help to the end of any TrustEdge CLI command to view help information.

TAP hardware-based keys (--tap)

Enroll a TAP key

 trustedge certificate scep --scepc-serverURL ${SCEP_ENDPOINT} --scepc-serverType GEN_POST --csr-conf sample_scep_csr.cnf --algorithm RSA --size 2048 --key-alias myGenTap --scepc-challengePass ${SCEP_PASS} --scepc-pkiOperation PKCSReq --tap

Renew a TAP key

 trustedge certificate scep --scepc-serverURL ${SCEP_ENDPOINT} --scepc-serverType GEN_POST --csr-conf sample_scep_csr.cnf --algorithm RSA --size 2048 --key-alias myGenTap --scepc-challengePass ${SCEP_PASS} --scepc-pkiOperation RenewalReq --tap

Rekey a TAP key with another TAP key

 trustedge certificate scep --scepc-serverURL ${SCEP_ENDPOINT} --scepc-serverType GEN_POST --csr-conf sample_scep_csr.cnf --algorithm RSA --size 2048 --key-alias myGenTap --scepc-challengePass ${SCEP_PASS} --scepc-pkiOperation RekeyReq --tap

Enroll a password-protected TAP key

 trustedge certificate scep --scepc-serverURL ${SCEP_ENDPOINT} --scepc-serverType GEN_POST --csr-conf sample_scep_csr.cnf --algorithm RSA --size 2048 --key-alias myGenTapPw --scepc-challengePass ${SCEP_PASS} --scepc-pkiOperation PKCSReq --tap --protect

Renew a password-protected TAP key

 trustedge certificate scep --scepc-serverURL ${SCEP_ENDPOINT} --scepc-serverType GEN_POST --csr-conf sample_scep_csr.cnf --algorithm RSA --size 2048 --key-alias myGenTapPw --scepc-challengePass ${SCEP_PASS} --scepc-pkiOperation RenewalReq --tap --protect --original-key-pw

Rekey a password-protected TAP key with another

 trustedge certificate scep --scepc-serverURL ${SCEP_ENDPOINT} --scepc-serverType GEN_POST --csr-conf sample_scep_csr.cnf --algorithm RSA --size 2048 --key-alias myGenTapPw --scepc-challengePass ${SCEP_PASS} --scepc-pkiOperation RekeyReq --tap --protect --original-key-pw