Chat now with support
Chat with Support

Safeguard Authentication Services 5.0.1 - macOS Administration Guide

Privileged Access Suite for Unix Installation Safeguard Authentication Services macOS components Safeguard Authentication Services client configuration Special macOS features Limitations on macOS Group Policy for macOS Certificate Autoenrollment Glossary

vascert commands and arguments

The following is a detailed description of all the available vascert commands, their usage and arguments.

vascert clean

Clears certificate enrollment state information.

vascert [common options] clean [-u <username>] [-x]

Arguments:

[-u <username>] is the name of the user to perform the operation.

[-x] removes all local state information.

Additional Information:

This command causes Certificate Autoenrollment to remove all previous configuration and downloaded policy. When run as root with the -x option, this command removes all local state information returning the system to the state it had just after package install.

vascert configure

Allows you to configure Certificate Autoenrollment settings.

vascert [common options] configure <sub-command> <command>

Sub-commands:

debug enables debug logging for all Certificate Autoenrollment components.

Debug command arguments:

vascert [common options] configure debug [-u <username>]

[-u <username>] is the name of the user to perform the operation.

vascert importca

Imports trusted root CA certificates based on policy.

vascert [common options] importca [-u <username>] [-p]

Arguments:

[-u <username>] is the name of the user to perform the operation.

[-p] simulates policy-based CA import.

vascert info

Dumps the contents of a policy template.

vascert [common options] info <policy template name>

vascert list

Lists all configured policy template names.

vascert [common options] list [-p]

Arguments:

[-p] lists pending enrollment requests.

vascert pulse

Performs Certificate Autoenrollment processing.

vascert [common options] pulse [-p]

Arguments:

[-p] simulates policy-based pulse.

vascert renew

Renews an existing certificate based on a policy template.

vascert [common options] renew -t <template name>

Arguments:

-t <template name> is the name of the policy template for which certificates are to be renewed.

vascert server

Manages local policy server configuration.

vascert [common options] server <sub-command>

Sub-commands:

remove removes a policy server configuration by URL.

list lists policy servers that are configured locally.

add adds a new local server configuration.

Remove command arguments:

vascert [common options] server remove [-u <username>] [-a] <URL>

[-u <username>] is the name of the user to perform the operation.

[-a] removes all server configurations.

List command arguments:

vascert [common options] server list [-u <username>]

[-u <username>] is the name of the user to perform the operation.

Add command arguments:

vascert [common options] server add [-u <username>] [-c <cost> ] -r <URL> [-n <name> ]

[-u <username>] is the name of the user to perform the operation.

[-c <cost>] specifies the cost associated with this server. Servers with lower cost are preferred when performing server selection.

-r <URL> specifies the service endpoint to contact to object enrollment policy.

[-n <name>] specifies the display name of this server.

vascert trigger

Triggers machine-based Certificate Autoenrollment policy processing.

vascert [common options] trigger

vascert unconfigure

Allows you to un-configure Certificate Autoenrollment settings.

vascert [common options] unconfigure <sub-command> <command>

Sub-commands:

debug disables debug logging for all Certificate Autoenrollment components.

Debug command arguments

vascert [common options] unconfigure debug [-u <username>]

[-u <username>] is the name of the user to perform the operation.

Glossary

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating