| Index |
| A unique index for this entry. |
| Command |
| The task to perform for this entry. Possible values: getca-scep(1), -- Retrieve CA certificate via SCEP enroll-scep(2), -- Enroll using SCEP enroll-manual(3), -- Do a manual enrollment delete(8) -- Cancel the task and delete this entry Enumerations: - getca-scep (1)
- enroll-scep (2)
- enroll-manual (3)
- delete (8)
|
| Url |
| The url to access for the task. Length: 0 to 255 |
| CertName |
| The name of the resulting certificate (for certificate retrieval tasks) or the name of the certificate to use (for certificate export tasks. Length: 0 to 255 |
| SubjectName |
| The subject name to include into the certificate request. Length: 0 to 255 |
| SubjectAltName |
| The subject alternative name to include into the certificate request (optional). Length: 0 to 255 |
| SubjectAltName2 |
| A second subject alternative name (optional). Length: 0 to 255 |
| SubjectAltName3 |
| A third subject alternative name (optional). Length: 0 to 255 |
| KeyIndex |
| The index of the key in the ipsecPublicKeyTable to use for certificate enrollment. |
| CaCertIndex |
| The index of the CA certificate to use (from the certTable). |
| CaDomain |
| The domain for which the CA certificate is to be received (getca_scep command only). Length: 0 to 255 |
| Password |
| The password (SCEP: challenge password, CMP: <ref-no>:<psk>. Length: 0 to 255 |
| AutoSave |
| Determines if pending requests should be saved permanently after each try and results should be saved permanently after finish. Enumerations: |
| PollInterval |
| The interval (in seconds) between polls. Range: 5 to 86400 |
| MaxPolls |
| The maximum number of polls performed. A value of -1 means forever, a value of 0 disables polling, i.e. the task is cancelled if the initial result is delayed. Range: -1 to 32767 |
| NumPolls |
| The number of polls already performed. |
| State |
| The state of the task specified by this entry. Enumerations: - done (1)
- error (2)
- running (3)
- delayed (4)
- polling (5)
- notreached (6)
|
| RaSignCertIndex |
| The index of the Registration Authority's (RA) certificate to use for signing purposes (from the certTable). |
| RaEncryptCertIndex |
| The index of the Registration Authority's (RA) certificate to use for encryption purposes (from the certTable). |
| KeyLength |
| The key length in bits used in requests for certificate enrollment. |
| CaFingerprint |
| This object holds the fingerprint of the CA certificate computed as an SHA1 or MD5 hash. This object is compared against an externally retrieved SHA1 / MD5 fingerprint (e.g. published on a CA's web site) to assure the authenticity of the certificate. |
| NoCrls |
| This object determines how CRL checking is set for certificates retrieved during certificate enrollment. Possible Values: true(1), -- do not check for certificate revocation -- lists for this CA (no meaning for non-CA -- certificates) false(2), -- check for certificate revocation -- lists for this CA (no meaning for non-CA -- certificates) auto(3), -- check for crls only if there is a -- CRLDistributionPoint in the certificate inherit(4), -- inherit from superior ca in chain. Enumerations: - true (1)
- false (2)
- auto (3)
- inherit (4)
|
| Action |
| Flag whether certificate management task is waiting or starts immediately. Use this flag to create complex tasks in multiple steps: First create task with certMgmtAction set to 'wait'. After task is completely build, set this flag to 'go' and the certificate management task starts automatically. After certificate management task has started, certMgmtAction is automatically set to 'wait'. Possible values: wait -- Certificate management task is waiting go -- Certificate management task starts now Enumerations: |
| AutoCleanup |
| Determines if already existing CertTable entries should be removed or not before starting the SCEP enrollment procedure. Enumerations: |