trustedge certificate scep
2 minute read
| Usage | trustedge certificate scep [options] |
| Description | Uses SCEP for certificate enrollment, renewal, and key rekeying. |
Overview
TrustEdge certificate tool provides functionality for certificate enrollment, renewal, and key rekeying using the Simple Certificate Enrollment Protocol (SCEP).
Examples
TrustEdge certificate SCEP help (–help)
To view usage details and available options for TrustEdge certificate SCEP, use the --help option:
trustedge certificate scep --help
Tip
You can add--help to the end of any TrustEdge CLI command to view help information.TAP hardware-based keys (–tap)
Important
In the following command examples, the keystore, CSR, and environment variables have been configured and the CA certificate has been downloaded.Enroll a TAP key
trustedge certificate scep --scepc-serverURL ${SCEP_ENDPOINT} --scepc-serverType GEN_POST --csr-conf sample_scep_csr.cnf --algorithm RSA --size 2048 --key-alias myGenTap --scepc-challengePass ${SCEP_PASS} --scepc-pkiOperation PKCSReq --tap
Renew a TAP key
trustedge certificate scep --scepc-serverURL ${SCEP_ENDPOINT} --scepc-serverType GEN_POST --csr-conf sample_scep_csr.cnf --algorithm RSA --size 2048 --key-alias myGenTap --scepc-challengePass ${SCEP_PASS} --scepc-pkiOperation RenewalReq --tap
Rekey a TAP key with another TAP key
trustedge certificate scep --scepc-serverURL ${SCEP_ENDPOINT} --scepc-serverType GEN_POST --csr-conf sample_scep_csr.cnf --algorithm RSA --size 2048 --key-alias myGenTap --scepc-challengePass ${SCEP_PASS} --scepc-pkiOperation RekeyReq --tap
Enroll a password-protected TAP key
trustedge certificate scep --scepc-serverURL ${SCEP_ENDPOINT} --scepc-serverType GEN_POST --csr-conf sample_scep_csr.cnf --algorithm RSA --size 2048 --key-alias myGenTapPw --scepc-challengePass ${SCEP_PASS} --scepc-pkiOperation PKCSReq --tap --protect
Renew a password-protected TAP key
trustedge certificate scep --scepc-serverURL ${SCEP_ENDPOINT} --scepc-serverType GEN_POST --csr-conf sample_scep_csr.cnf --algorithm RSA --size 2048 --key-alias myGenTapPw --scepc-challengePass ${SCEP_PASS} --scepc-pkiOperation RenewalReq --tap --protect --original-key-pw
Rekey a password-protected TAP key with another
trustedge certificate scep --scepc-serverURL ${SCEP_ENDPOINT} --scepc-serverType GEN_POST --csr-conf sample_scep_csr.cnf --algorithm RSA --size 2048 --key-alias myGenTapPw --scepc-challengePass ${SCEP_PASS} --scepc-pkiOperation RekeyReq --tap --protect --original-key-pw
Was this page helpful?
Provide feedback