Chat now with support
Chat with Support

Safeguard Authentication Services 5.0.4 - Administration Guide

Privileged Access Suite for Unix Introducing One Identity Safeguard Authentication Services Unix administration and configuration Identity management Migrating from NIS Managing access control Managing local file permissions Certificate Autoenrollment Integrating with other applications Managing Unix hosts with Group Policy
Safeguard Authentication Services Group Policy
Group Policy Concepts Unix policies One Identity policies
Display specifiers Troubleshooting Glossary

vascert command reference

vascert is the Certificate Autoenrollment processor.

Name

vascert

Synopsis

vascert [-d <debug level [1-6]>] [-b] [-h <command>] <command [command options]>

Overview

vascert is the Certificate Autoenrollment processor for Unix clients.

Commands

To run vascert, specify one or more general options, then specify a specific command which may have further options and arguments.

Table 19: vascert commands
Command

Description

clean

Clears certificate enrollment state information.

configure

Allows you to configure Certificate Autoenrollment settings.

importca

Imports trusted root CA certificates based on policy.

info

Dumps the contents of a policy template.

list

Lists all configured policy template names.

pulse

Performs Certificate Autoenrollment processing.

renew

Renews an existing certificate based on a policy template.

server

Manages local policy server configuration.

trigger

Triggers machine-based Certificate Autoenrollment policy processing.

unconfigure

Allows you to un-configure Certificate Autoenrollment settings.

Common options

The following options can be passed to all vascert commands. Specify these options before the command name.

[-d <debug level [1-6]> ]

Prints additional information according to debug level, higher debug level prints more output.

[-b]

Do not display banner text.

[-h <command>]

Display help for a particular command.

Related Topics

vascert commands and arguments

vascert commands and arguments

The following is a detailed description of all the available vascert commands, their usage and arguments.

vascert clean

Clears certificate enrollment state information.

vascert [common options] clean [-u <username>] [-x]

Arguments:

[-u <username>] is the name of the user to perform the operation.

[-x] removes all local state information.

Additional Information:

This command causes Certificate Autoenrollment to remove all previous configuration and downloaded policy. When run as root with the -x option, this command removes all local state information returning the system to the state it had just after package install.

vascert configure

Allows you to configure Certificate Autoenrollment settings.

vascert [common options] configure <sub-command> <command>

Sub-commands:

debug enables debug logging for all Certificate Autoenrollment components.

Debug command arguments:

vascert [common options] configure debug [-u <username>]

[-u <username>] is the name of the user to perform the operation.

vascert importca

Imports trusted root CA certificates based on policy.

vascert [common options] importca [-u <username>] [-p]

Arguments:

[-u <username>] is the name of the user to perform the operation.

[-p] simulates policy-based CA import.

vascert info

Dumps the contents of a policy template.

vascert [common options] info <policy template name>

vascert list

Lists all configured policy template names.

vascert [common options] list [-p]

Arguments:

[-p] lists pending enrollment requests.

vascert pulse

Performs Certificate Autoenrollment processing.

vascert [common options] pulse [-p]

Arguments:

[-p] simulates policy-based pulse.

vascert renew

Renews an existing certificate based on a policy template.

vascert [common options] renew -t <template name>

Arguments:

-t <template name> is the name of the policy template for which certificates are to be renewed.

vascert server

Manages local policy server configuration.

vascert [common options] server <sub-command>

Sub-commands:

remove removes a policy server configuration by URL.

list lists policy servers that are configured locally.

add adds a new local server configuration.

Remove command arguments:

vascert [common options] server remove [-u <username>] [-a] <URL>

[-u <username>] is the name of the user to perform the operation.

[-a] removes all server configurations.

List command arguments:

vascert [common options] server list [-u <username>]

[-u <username>] is the name of the user to perform the operation.

Add command arguments:

vascert [common options] server add [-u <username>] [-c <cost> ] -r <URL> [-n <name> ]

[-u <username>] is the name of the user to perform the operation.

[-c <cost>] specifies the cost associated with this server. Servers with lower cost are preferred when performing server selection.

-r <URL> specifies the service endpoint to contact to object enrollment policy.

[-n <name>] specifies the display name of this server.

vascert trigger

Triggers machine-based Certificate Autoenrollment policy processing.

vascert [common options] trigger

vascert unconfigure

Allows you to un-configure Certificate Autoenrollment settings.

vascert [common options] unconfigure <sub-command> <command>

Sub-commands:

debug disables debug logging for all Certificate Autoenrollment components.

Debug command arguments

vascert [common options] unconfigure debug [-u <username>]

[-u <username>] is the name of the user to perform the operation.

Integrating with other applications

Safeguard Authentication Services integrates with the following products.

  • InSync
  • One Identity™ Active Roles
  • One Identity™ Defender®
  • One Identity™ Privilege Manager for Unix
  • One Identity™ Starling Two-Factor Authentication
  • Quest® Change Auditor
  • Quest® Enterprise Reporter
  • Quest® InTrust®
  • Quest® Recovery Manager for Active Directory

This section includes instructions for integrating Starling Two-Factor Authentication, Defender, and Change Auditor with Safeguard Authentication Services.

Note: See the One Identity website for information related to the integration of Safeguard Authentication Services with other products.

One Identity Starling integration

One Identity Starling Two-Factor Authentication is a SaaS solution that provides two-factor authentication on a product enabling organizations to quickly and easily verify a user's identity. This service is provided as part of the One Identity Starling cloud platform. Joining Safeguard Authentication Services to One Identity Starling allows you to take advantage of these companion features from Starling services. For more information on Starling, see the One Identity Starling User Guide.

In order to use Starling 2FA with Safeguard Authentication Services, you must join Safeguard Authentication Services to Starling. This is done from the Preferences | Starling Two-Factor Authentication pane in the Control Center. From this pane, you can also configure Starling to use a proxy server and customize the attributes to be used in push notifications.

Help links that provide assistance with Starling are available on the dialogs displayed when setting up the Starling Join Settings or Starling Proxy Settings:

  • Visit us Online displays the Starling login page where you can create a new Starling account. This help link is available on both dialogs.
  • Trouble Joining displays the Starling support page with information on the requirements and process for joining with Starling. This help link is available on the Starling Two-Factor Authentication dialog.
  • Trouble With Proxy displays the Starling support page with additional information on troubleshooting the proxy configuration. This help link is available on the Starling Proxy Configuration dialog.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating