Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureWyse 5060 Thin Client

Parameter Description

[CountryName=country]

[State=state]

[Locality=locality]

[Organization=organization_name]

[OrganizationUnit=organization_unit]

[CommonName=common_name]

[Email=email_address]

[KeyUsage=key_usage]

[KeyLength={1024, 2048, 4096}]

[subAltName=subject_alt_name_list]

[RequestURL=scep_request_url]

[CACertHashType={MD5, SHA1, SHA256}]

[CACertHash=CA_HASH_VALUE]

[EnrollPwd=enrollment_password]

[EnrollPwdEnc=encrypted_enrollment_password]

[ScepAdminUrl=scep_administrator_page_url]

[ScepUser=scep_enrollment_user]

[ScepUserDomain=scep_enrollment_user_domain]

[ScepUserPwd=scep_enrollment_user_password]

[ScepUserPwdEnc=encrypted_scep_enrollment_user_password]

Set

AutoRenew—Set this keyword to yes to enable certicate

auto renew. Client only tries to renew certicates requested either

manually or automatically through SCEP from this client, and the

renewal is performed only after a certicate's 1/2 valid period has

passed.

Set InstallCACert—Set this keyword to yes to install the root CA's

certicate as trusted certicate after successfully getting a client

certicate.

CountryName, State, Locality, Organization, OrganizationUnit,

CommonName, Email—These keywords together compose the

subject identity of the requested client certicate. Country Name

should be two letter in uppercase, other elds are printable strings

with a length shorter than 64 bytes, and email_address should have

a '@' in it. At least one of the above elds must be congured

correctly to form the client certicate's subject identity.

KeyUsage —This option is to specify key usage of the client

certicate and should be set to a digitalSignature, keyEncipherment

or both using a ';' concatenating these two as

digitalSignature;keyEncipherment.

KeyLength—This option is to specify the key length of the client

certicate in bits, must one of the value in the list.

subAltName—This option is to specify the client certicate's

subject alternative names. It is a sequenced list of name elements,

and every element is either a DNS name or an IP address. Use ';' as

delimiter between them.

RequestURL—The RequestURL option is to specify the SCEP

server service URL. This eld must be set correctly. The default

protocol for SCEP services is HTTP, which also ensures data

security. You can also add the prex https:// if SCEP service is

deployed on HTTPS in your environment.

CACertHashType—CACertHashType is used to verify the

authenticity of the certicate authority. This option must be set to

MD5 or SHA1 or SHA256.

CACertHash—This is the hash value used to verify certicate

authority's certicate. Client will not issue a certicate request to a

SCEP server and cannot pass certicate chain checking through a

valid certicate authority.

EnrollPwd or EnrollPwdEnc—These keywords are used to set the

enrollment password from a SCEP administrator.

EnrollPwd is the plain-text enrollment password and EnrollPwdEnc

is the encrypted form of the same enrollment password. Use only

one of these two elds to set the used enrollment password.

As a substitute of using EnrollPwd or EnrollPwdEnc to directly

specify an enrollment password, client allows using a SCEP

administrator's credential to automatically get an enrollment

password from a Windows SCEP server. In this case, the

ScepUser, ScepUserDomain, ScepUserPwd (or

ScepUserPwdEnc, in encrypted form instead of plan-text) are used

to specify the SCEP administrator's credential, and ScepAdminUrl

must be set correctly to specify the corresponding SCEP admin

web page's URL. If neither EnrollPwd nor EnrollPwdEnc is set,

client will try to use these set of settings to automatically get an

enrollment password and then use that password to request a

certicate. If communication security is necessary in your

Parameters for wnos INI

les only 33