Release Notes
Parameters Description
[State=state]
[Locality=locality]
[Organization=organization_name]
[OrganizationUnit=organization_unit]
[CommonName=common_name]
[Email=email_address]
KeyUsage=key_usage
KeyLength={1024, 2048, 4096 }
[subAltName=subject_alt_name_list]
RequestURL=scep_request_url
CACertHashType={MD5, SHA1}
CACertHash=CA_HASH_VALUE
[EnrollPwd=enrollment_password]
[EnrollPwdEnc=encrypted_enrollment_password]
[ScepAdminUrl=scep_administrator_page_url]
[ScepUser=scep_enrollment_user]
[ScepUserDomain=scep_enrollment_user_domain]
[ScepUserPwd=scep_enrollment_user_password]
[ScepUserPwdEnc=encrypted_scep_enrollment_user_password]
manually or automatically through SCEP from this client, and the
renewal is performed only after a certicate's 1/2 valid period has
passed.
Set InstallCACert—Set this keyword to yes to install the root CA's
certicate as trusted certicate after successfully getting a client
certicate.
CountryName, State, Locality, Organization, OrganizationUnit,
CommonName, Email—These keywords together compose the
subject identity of the requested client certicate. Country Name
should be two letter in uppercase, other elds are printable strings
with a length shorter than 64 bytes, and email_address should have
a '@' in it. At least one of the above elds must be congured
correctly to form the client certicate's subject identity.
KeyUsage —This option is to specify key usage of the client
certicate and should be set to a digitalSignature, keyEncipherment
or both using a ';' concatenating these two as
digitalSignature;keyEncipherment.
KeyLength—This option is to specify the key length of the client
certicate in bits, must one of the value in the list.
subAltName—This option is to specify the client certicate's
subject alternative names. It is a sequenced list of name elements,
and every element is either a DNS name or an IP address. Use ';' as
delimiter between them.
RequestURL—This option is to specify the SCEP server's service
URL. This eld must be set correctly. The default protocol for SCEP
service is HTTP and data security is ensured by SCEP itself. You
can also add the prex https://, if SCEP service is deployed on
HTTPS in your environment.*
CACertHashType—This option is the hash type used to verify
certicate authority's certicate. This option must be set to MD5 or
SHA1 or SHA256.*
CACertHash—This is the hash value used to verify certicate
authority's certicate. Client will not issue a certicate request to a
SCEP server and cannot pass certicate chain checking through a
valid certicate authority.
EnrollPwd or EnrollPwdEnc—These keywords are used to set the
enrollment password from a SCEP administrator.
EnrollPwd is the plain-text enrollment password and EnrollPwdEnc
is the encrypted form of the same enrollment password. Use only
one of these two elds to set the used enrollment password.
As a substitute of using EnrollPwd or EnrollPwdEnc to directly
specify an enrollment password, client allows using a SCEP
administrator's credential to automatically get an enrollment
password from a Windows SCEP server. In this case, the
ScepUser, ScepUserDomain, ScepUserPwd (or
ScepUserPwdEnc, in encrypted form instead of plan-text) are used
to specify the SCEP administrator's credential, and ScepAdminUrl
must be set correctly to specify the corresponding SCEP admin
web page's URL. If neither EnrollPwd nor EnrollPwdEnc is set,
client will try to use these set of settings to automatically get an
enrollment password and then use that password to request a
certicate. If communication security is necessary in your
environment during this phase, please add https:// as the prex for
ScepAdminUrl to use HTTPS instead of the default HTTP protocol.
84
ThinOS 8.5_012 and ThinOS Lite 2.5_012