If you are using One Identity Authentication Services 4.1 (or later), Certificate Autoenrollment is configured automatically by Group Policy. Use the vgptool command line utility to manually apply Group Policy.
To manually apply Group Policy:
- Decide whether you want to apply machine policy or user policy.
  NOTE: Machine policy affects the entire system; user policy only affects the specified user.
- To apply machine policy, enter the following command as root (or using sudo):
  /opt/quest/bin/vgptool apply
  The terminal displays policy processing results.
- To apply user policy, enter the following command as root (or using sudo):
  /opt/quest/bin/vgptool apply -u <username>
  The terminal displays policy processing results.
vascert is the Certificate Autoenrollment command line tool for certificate enrollment. With vascert you can configure various aspects of Certificate Autoenrollment. You can manually trigger certificate enrollment processing. vascert is also helpful for troubleshooting various network and authentication problems that may occur.
This command reference details the command line usage for vascert.
vascert command reference
vascert is the Certificate Autoenrollment processor.
Synopsis
vascert [-d <debug level [1-6]>] [-b] [-h <command>] <command [command options]>
Overview
vascert is the Certificate Autoenrollment processor for Unix clients.
Commands
To run vascert, specify one or more general options, then specify a specific command which may have further options and arguments.
Table 19: vascert commands
Command | Description
clean | Clears certificate enrollment state information.
configure | Allows you to configure Certificate Autoenrollment settings.
importca | Imports trusted root CA certificates based on policy.
info | Dumps the contents of a policy template.
list | Lists all configured policy template names.
pulse | Performs Certificate Autoenrollment processing.
renew | Renews an existing certificate based on a policy template.
server | Manages local policy server configuration.
trigger | Triggers machine-based Certificate Autoenrollment policy processing.
unconfigure | Allows you to un-configure Certificate Autoenrollment settings.
Common options
The following options can be passed to all vascert commands. Specify these options before the command name.
[-d <debug level [1-6]>]
Prints additional information according to the debug level; a higher debug level prints more output.
[-b]
Do not display banner text.
[-h <command>]
Display help for a particular command.
vascert commands and arguments
The following is a detailed description of all the available vascert commands, their usage and arguments.
vascert clean
Clears certificate enrollment state information.
vascert [common options] clean [-u <username>] [-x]
Arguments:
[-u <username>] is the name of the user to perform the operation.
[-x] removes all local state information.
Additional Information:
This command causes Certificate Autoenrollment to remove all previous configuration and downloaded policy. When run as root with the -x option, this command removes all local state information, returning the system to the state it had just after package install.
vascert configure
Allows you to configure Certificate Autoenrollment settings.
vascert [common options] configure <sub-command> <command>
Sub-commands:
debug enables debug logging for all Certificate Autoenrollment components.
Debug command arguments:
vascert [common options] configure debug [-u <username>]
[-u <username>] is the name of the user to perform the operation.
vascert importca
Imports trusted root CA certificates based on policy.
vascert [common options] importca [-u <username>] [-p]
Arguments:
[-u <username>] is the name of the user to perform the operation.
[-p] simulates policy-based CA import.
vascert info
Dumps the contents of a policy template.
vascert [common options] info <policy template name>
vascert list
Lists all configured policy template names.
vascert [common options] list [-p]
Arguments:
[-p] lists pending enrollment requests.
vascert pulse
Performs Certificate Autoenrollment processing.
vascert [common options] pulse [-p]
Arguments:
[-p] simulates policy-based pulse.
vascert renew
Renews an existing certificate based on a policy template.
vascert [common options] renew -t <template name>
Arguments:
-t <template name> is the name of the policy template for which certificates are to be renewed.
vascert server
Manages local policy server configuration.
vascert [common options] server <sub-command>
Sub-commands:
remove removes a policy server configuration by URL.
list lists policy servers that are configured locally.
add adds a new local server configuration.
Remove command arguments:
vascert [common options] server remove [-u <username>] [-a] <URL>
[-u <username>] is the name of the user to perform the operation.
[-a] removes all server configurations.
List command arguments:
vascert [common options] server list [-u <username>]
[-u <username>] is the name of the user to perform the operation.
Add command arguments:
vascert [common options] server add [-u <username>] [-c <cost>] -r <URL> [-n <name>]
[-u <username>] is the name of the user to perform the operation.
[-c <cost>] specifies the cost associated with this server. Servers with lower cost are preferred when performing server selection.
-r <URL> specifies the service endpoint to contact to obtain enrollment policy.
[-n <name>] specifies the display name of this server.
vascert trigger
Triggers machine-based Certificate Autoenrollment policy processing.
vascert [common options] trigger
vascert unconfigure
Allows you to un-configure Certificate Autoenrollment settings.
vascert [common options] unconfigure <sub-command> <command>
Sub-commands:
debug disables debug logging for all Certificate Autoenrollment components.
Debug command arguments:
vascert [common options] unconfigure debug [-u <username>]
[-u <username>] is the name of the user to perform the operation.
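A dry-run-first check assembled from the commands documented above, as an added example (not One Identity's code): it applies Group Policy, runs importca and pulse with -p so they only simulate, then lists pending enrollment requests. It assumes vascert is on PATH (override with the VASCERT variable, a name chosen for this example) and accepts only a conservative set of username characters.

```shell
#!/bin/sh
# Added example, not vendor code. The vgptool path is from this page; vascert
# is assumed to be on PATH (override with VASCERT=/path/to/vascert).
VGPTOOL=${VGPTOOL:-/opt/quest/bin/vgptool}
VASCERT=${VASCERT:-vascert}

# Build one vascert command line. Common options (-d, -b) must come BEFORE the
# command name. $1 = debug level 1-6, or 0 for no -d; the rest = command + args.
vascert_cmd() {
    level=$1; shift
    case $level in
        0)     printf '%s -b' "$VASCERT" ;;
        [1-6]) printf '%s -d %s -b' "$VASCERT" "$level" ;;
        *)     echo "debug level must be 1-6 (got: $level)" >&2; return 2 ;;
    esac
    printf ' %s' "$@"
    printf '\n'
}

# Print the check sequence, one command per line, without running anything.
# $1 = debug level, $2 = optional username (user policy instead of machine).
autoenroll_plan() {
    level=$1 user=${2:-}
    vascert_cmd "$level" list >/dev/null || return 2
    case $user in                       # reject option-like or odd usernames
        -*|*[!A-Za-z0-9._@-]*) echo "refusing username: $user" >&2; return 2 ;;
    esac
    if [ -n "$user" ]; then
        echo "$VGPTOOL apply -u $user"
        vascert_cmd "$level" importca -u "$user" -p
    else
        echo "$VGPTOOL apply"
        vascert_cmd "$level" importca -p
    fi
    vascert_cmd "$level" pulse -p       # -p: simulate, per the reference above
    vascert_cmd "$level" list -p        # -p: show pending enrollment requests
}

# Execute the reviewed plan (as root or via sudo): autoenroll_run <level> [user]
autoenroll_run() {
    plan=$(autoenroll_plan "$@") || return
    set -f                              # no globbing while word-splitting lines
    echo "$plan" | while read -r line; do
        echo "+ $line"; $line </dev/null || echo "FAILED: $line" >&2
    done
    set +f
}

autoenroll_plan "${1:-0}" "${2:-}"      # default action: print the plan only
```

Review the printed plan first, then call autoenroll_run with the same arguments from a root shell to execute it.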