Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help


       Returns the certifcate of the RA	and CA issuer including	its chain.

       The chain is cached/read	from the datapool, namespace scep.cache.getca,
       the key is created by joining servername, scep-alias and	issuer-alias
       with a colon, e.g. 'vpnservice:ca-scep-5:ca-signer-2'.

       In case you want	a special response, e.g. including extra chain
       certificates you	can set	the datapool item manually

       If no value is found in the datapool, __build_chain is called to	create
       it and the result is cached using the datapool for seven	days.

       Return information on the certificates used by the scep server.	With
       default settings, the following certs are returned in order:

       scep server certificate
	       entity certificate used by the scep server

       scep server chain
	       the full	chain including	without	the root certificate for the
	       scep entity certificate

       current issuer certificate
	       the certificate currently used for certificate issuance.

       issuer chain
	       the chain of the	issuing	ca, starting with the first
	       intermediate certificate.

       Certificates used in both scep and issuer chain are only	included once.

       The responses are cached	using the datapool, you	can strip chain/root
       by config settings, see below, or inject	arbitrary chains into the

       Returns the CA certificate chain	including the HTTP header needed for
       the scep	CGI script.

       Config layout (at scep.<server>)	is:

		 ra:	 fullchain
		 issuer: fullchain

       Options are endentity (cert only), chain	(no root) and fullchain
       (includes root certificate).

       The old config option response.getcacert_strip_root is still recognized
       but deprecated.

perl v5.32.0		     OpenXPKI::Service::LibSCEP::Command::GetCACert(3)

Name | Description | Functions

Want to link to this manual page? Use this URL:

home | help