You can enable full debug logging for all Certificate Autoenrollment components using the vascert command line utility.
UNIX/Linux: If debug logging is configured, the vascert tool writes files in /var/opt/quest/vascert/.com.quest.X509Enrollment/log for machine enrollment and ~/.com.quest.X509Enrollment/log for user enrollment. You can enable debug logging for all of these components.
To enable debug logging
As root, run the following command to configure debug logging for all users:
/opt/quest/bin/vascert configure debug
To configure debug logging for a specific user, log in as that user and run the same command.
NOTE: Enabling debug logging causes the vascert command to write debug messages to a file in addition to stdout. Even after you enable debug logging, you must set the debug level using the -d command line option when running vascert commands manually.
When you are finished debugging, run the following command as root to turn off debug logging for all users. One Identity recommends that you turn off debug logging to improve performance and conserve disk space.
/opt/quest/bin/vascert unconfigure debug
Use the vascert command line utility to manually perform Certificate Autoenrollment.
To perform Certificate Autoenrollment processing manually
To pulse Certificate Autoenrollment for the machine, run the following command as root (or using sudo):
/opt/quest/bin/vascert pulse
NOTE:
To pulse Certificate Autoenrollment for a specific user, log in as that user and run the following command:
/opt/quest/bin/vascert pulse
NOTE:
If you are using One Identity Authentication Services 4.1 (or later), Certificate Autoenrollment is configured automatically by Group Policy. Use the vgptool command line utility to manually apply Group Policy.
To manually apply Group Policy
Decide whether you want to apply machine policy or user policy.
NOTE: Machine policy affects the entire system; User policy only affects the specified user.
To apply machine policy, enter the following command as root (or using sudo):
/opt/quest/bin/vgptool apply
The terminal displays policy processing results.
To apply user policy, enter the following command as root (or using sudo):
/opt/quest/bin/vgptool apply -u <username>
The terminal displays policy processing results.
vascert is the Certificate Autoenrollment command line tool for certificate enrollment. With vascert you can configure various aspects of Certificate Autoenrollment. You can manually trigger certificate enrollment processing. vascert is also helpful for troubleshooting various network and authentication problems that may occur.
This command reference details the command line usage for vascert.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center