Release Notes

ManualsBrandsDell ManualsConverged InfrastructureWyse 5060 Thin Client

Reference Description

[Organization = organization_name]

[OrganizationUnit = organization_unit]

[CommonName = common_name]

[Email = email_address]

KeyUsage = kay_usage

KeyLength = {1024, 2048, 4096 }

[subAltName = subject_alt_name_list]

RequestURL = scep_request_url

CACertHashType = { MD5, SHA1 }

CACertHash = CA_HASH_VALUE

[EnrollPwd = enrollment_password]

[EnrollPwdEnc = encrypted_enrollment_password]

[ScepAdminUrl = scep_administrator_page_url]

[ScepUser = scep_enrollment_user]

[ScepUserDomain = scep_enrollment_user_domain]

[ScepUserPwd = scep_enrollment_user_password]

[ScepUserPwdEnc =

encrypted_scep_enrollment_user_password]

InstallCACert—Congure

InstallCACert to yes to install the root

CA's certicate as trusted certicate after successfully getting a

client certicate.

CountryName, State, Location, Organization, OrganizationUnit,

CommonName, Email—These elds together compose the

subject identity of the requested client certicate. Country

Name should be two letter in uppercase, other elds are

printable strings with a length shorter than 64 bytes, and

email_address should have a '@' in it. At least one of the above

elds must be congured correctly to form the client

certicate's subject identity.

KeyUsage—KeyUsage is to specify key usage of the client

certicate and should be set to a digitalSignature,

keyEncypherment or both using a ';' linking these two as

digitalSignature;keyEncypherment.

KeyLength—KeyLength is to specify the key length of the client

certicate in bits, must one of the value in the list.

subAltName—subAltName is to specify the client certicate's

subject alternative names. It is a sequenced list of name

elements, and every element is either a DNS name or an IP

address. Use ';' as delimiter between them.

RequestURL—RequestURL is to specify the SCEP server's

service URL. This eld must be set correctly.

CACertHashType—CACertHashType is the hash type used to

verify certicate authority's certicate.

CACertHash—CACertHash is the hash value used to verify

certicate authority's certicate. Client will not issue a

certicate request to a SCEP server and cannot pass certicate

chain checking through a valid certicate authority.

EnrollPwd, EnrollPwdEnc—EnrollPwd or EnrollPwdEnc is to set

the enrollment password from a SCEP administrator.EnrollPwd is

the plain-text enrollment password and EnrollPwdEnc is the

encrypted form of the same enrollment password. Use only one

of these two elds to set the used enrollment password. As a

substitute of using EnrollPwd or EnrollPwdEnc to directly

specify a enrollment password, client allows using a SCEP

administrator's credential to automatically get an enrollment

password from a Windows SCEP server.

In this case, the ScepUser, ScepUserDomain, ScepUserPwd (or

ScepUserPwdEnc, in encrypted form instead of plan-text) are

used to specify the SCEP administrator's credential, and

ScepAdminUrl must be set correctly to specify the

corresponding SCEP admin web page's URL.

If neither EnrollPwd nor EnrollPwdEnc is set, client tries to use

these set of settings to automatically get an enrollment

password and then use that password to request a certicate.

Use ScepAutoEnroll=no AutoRenew=yes to only enable SCEP

auto renew; all others parameters are not needed if

ScepAutoEnroll is set to no.

NOTE

: SCEP server’s URL must be an HTTP link. Do not

add protocol prex to RequestURL and ScepAdminURL.

DefaultUser = {username, $SYS_VAR} Species the default sign-on user. For more information, see Dell

Wyse ThinOS 8.4 Administrator’s Guide.

20 Dell Wyse ThinOS Version 8.4

Release Notes