Reference Guide
Parameter Description
[CountryName=country]
[State=state]
[Locality=locality]
[Organization=organization_name]
[OrganizationUnit=organization_unit]
[CommonName=common_name]
[Email=email_address]
[KeyUsage=key_usage]
[KeyLength={1024, 2048, 4096}]
[subAltName=subject_alt_name_list]
[RequestURL=scep_request_url]
[CACertHashType={MD5, SHA1, SHA256}]
[CACertHash=CA_HASH_VALUE]
[EnrollPwd=enrollment_password]
[EnrollPwdEnc=encrypted_enrollment_password]
[ScepAdminUrl=scep_administrator_page_url]
[ScepUser=scep_enrollment_user]
[ScepUserDomain=scep_enrollment_user_domain]
[ScepUserPwd=scep_enrollment_user_password]
[ScepUserPwdEnc=encrypted_scep_enrollment_user_password]
Set AutoRenew—Set this keyword to yes to enable certificate
auto renew. Client only tries to renew certificates requested either
manually or automatically through SCEP from this client, and the
renewal is performed only after half of a certificate's validity period
has passed.
Set InstallCACert—Set this keyword to yes to install the root CA's
certificate as a trusted certificate after successfully getting a client
certificate.
CountryName, State, Locality, Organization, OrganizationUnit,
CommonName, Email—These keywords together compose the
subject identity of the requested client certificate. CountryName
should be two uppercase letters, the other fields are printable strings
with a length shorter than 64 bytes, and email_address should have
a '@' in it. At least one of the above fields must be configured
correctly to form the client certificate's subject identity.
KeyUsage—This option specifies the key usage of the client
certificate and should be set to digitalSignature, keyEncipherment,
or both, using a ';' to concatenate the two as
digitalSignature;keyEncipherment.
KeyLength—This option specifies the key length of the client
certificate in bits. It must be one of the values in the list.
subAltName—This option specifies the client certificate's
subject alternative names. It is a sequenced list of name elements,
and every element is either a DNS name or an IP address. Use ';' as
the delimiter between them.
RequestURL—The RequestURL option specifies the SCEP
server service URL. This field must be set correctly. The default
protocol for SCEP services is HTTP, which also ensures data
security. You can also add the prefix https:// if SCEP service is
deployed on HTTPS in your environment.
CACertHashType—CACertHashType is used to verify the
authenticity of the certificate authority. This option must be set to
MD5 or SHA1 or SHA256.
CACertHash—This is the hash value used to verify the certificate
authority's certificate. Client will not issue a certificate request to a
SCEP server and cannot pass certificate chain checking through a
valid certificate authority.
EnrollPwd or EnrollPwdEnc—These keywords are used to set the
enrollment password from a SCEP administrator.
EnrollPwd is the plain-text enrollment password and EnrollPwdEnc
is the encrypted form of the same enrollment password. Use only
one of these two fields to set the enrollment password.
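The field rules above can be checked before an INI file is deployed. The following Python lint is an added example, not code from this guide or from the client; the function name check_scep, the tokenizing of options as whitespace-separated Key=value pairs with quotes protecting spaces, and the sample hosts are assumptions.

```python
import ipaddress
import re
import shlex

SUBJECT = ("CountryName", "State", "Locality", "Organization",
           "OrganizationUnit", "CommonName", "Email")
DNS_NAME = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*")

def is_ip(text):
    try:
        return bool(ipaddress.ip_address(text))
    except ValueError:
        return False

def check_scep(line):
    """List violated rules; assumes whitespace-separated Key=value tokens."""
    opts = dict(t.split("=", 1) for t in shlex.split(line) if "=" in t)
    subject = {k: opts[k] for k in SUBJECT if opts.get(k)}
    long_or_binary = [k for k, v in subject.items() if k != "CountryName"
                      and (len(v.encode()) >= 64 or not v.isprintable())]
    bad_sans = [n for n in opts.get("subAltName", "").split(";")
                if n and not (is_ip(n) or DNS_NAME.fullmatch(n))]
    usages = set(opts.get("KeyUsage", "digitalSignature").split(";"))
    checks = [
        (not subject, "at least one subject field must be set"),
        (not re.fullmatch("[A-Z]{2}", opts.get("CountryName", "US")),
         "CountryName: two uppercase letters required"),
        (long_or_binary, f"not printable or 64+ bytes: {long_or_binary}"),
        ("@" not in opts.get("Email", "@"), "Email: must contain '@'"),
        (not usages <= {"digitalSignature", "keyEncipherment"},
         "KeyUsage: digitalSignature and/or keyEncipherment only"),
        (opts.get("KeyLength", "2048") not in ("1024", "2048", "4096"),
         "KeyLength: must be 1024, 2048 or 4096"),
        (bad_sans, f"subAltName: not a DNS name or IP address: {bad_sans}"),
        (not opts.get("RequestURL"), "RequestURL: must be set"),
        (opts.get("CACertHashType") not in ("MD5", "SHA1", "SHA256"),
         "CACertHashType: must be MD5, SHA1 or SHA256"),
        ("EnrollPwd" in opts and "EnrollPwdEnc" in opts,
         "use only one of EnrollPwd and EnrollPwdEnc"),
    ]
    return [msg for failed, msg in checks if failed]

# Constructed sample lines (placeholder hosts and secrets, not real values).
GOOD = ('CountryName=US Organization="Example Corp" Email=admin@example.com '
        'KeyUsage=digitalSignature;keyEncipherment KeyLength=2048 CACertHashType=SHA256 '
        'subAltName=tc01.example.com;10.0.0.5 RequestURL=https://scep.example.com/scep')
BAD = ('CountryName=usa Email=admin.example.com KeyUsage=keyAgreement KeyLength=512 '
       'subAltName=tc01.example.com;bad_name! CACertHashType=SHA512 '
       'RequestURL=http://scep.example.com EnrollPwd=x EnrollPwdEnc=y')
```

Calling check_scep(GOOD) returns an empty list, and check_scep(BAD) returns one message per violated rule.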
As a substitute for using EnrollPwd or EnrollPwdEnc to directly
specify an enrollment password, client allows using a SCEP
administrator's credential to automatically get an enrollment
password from a Windows SCEP server. In this case,
ScepUser, ScepUserDomain, ScepUserPwd (or
ScepUserPwdEnc, in encrypted form instead of plain-text) are used
to specify the SCEP administrator's credential, and ScepAdminUrl
must be set correctly to specify the corresponding SCEP admin
web page's URL. If neither EnrollPwd nor EnrollPwdEnc is set,
client will try to use this set of settings to automatically get an
enrollment password and then use that password to request a
certificate. If communication security is necessary in your
Parameters for wnos INI files only