Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Contact Us
Online Help
Domain Status
Man Pages

Virtual Servers

Topology Map

Server Agreement
Year 2038

USA Flag



Man Pages
OpenXPKI::Service::LibSCEP::Command::GetCACert(3) User Contributed Perl Documentation OpenXPKI::Service::LibSCEP::Command::GetCACert(3)


Returns the certifcate of the RA and CA issuer including its chain.

The chain is cached/read from the datapool, namespace scep.cache.getca, the key is created by joining servername, scep-alias and issuer-alias with a colon, e.g. 'vpnservice:ca-scep-5:ca-signer-2'.

In case you want a special response, e.g. including extra chain certificates you can set the datapool item manually

If no value is found in the datapool, __build_chain is called to create it and the result is cached using the datapool for seven days.

Return information on the certificates used by the scep server. With default settings, the following certs are returned in order:

scep server certificate
entity certificate used by the scep server
scep server chain
the full chain including without the root certificate for the scep entity certificate
current issuer certificate
the certificate currently used for certificate issuance.
issuer chain
the chain of the issuing ca, starting with the first intermediate certificate.

Certificates used in both scep and issuer chain are only included once.

The responses are cached using the datapool, you can strip chain/root by config settings, see below, or inject arbitrary chains into the datapool.

Returns the CA certificate chain including the HTTP header needed for the scep CGI script.

Config layout (at scep.<server>) is:

          ra:     fullchain
          issuer: fullchain

Options are endentity (cert only), chain (no root) and fullchain (includes root certificate).

The old config option response.getcacert_strip_root is still recognized but deprecated.

2022-05-14 perl v5.32.1

Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.