The following is a detailed description of all the available vascert commands, their usage and arguments.
Clears certificate enrollment state information.
vascert [common options] clean [-u <username>] [-x]
[-u <username>] is the name of the user to perform the operation.
[-x] removes all local state information.
This command causes Certificate Autoenrollment to remove all previous configuration and downloaded policy. When run as root with the -x option, this command removes all local state information returning the system to the state it had just after package install.
Allows you to configure Certificate Autoenrollment settings.
vascert [common options] configure <sub-command> <command>
debug enables debug logging for all Certificate Autoenrollment components.
Debug command arguments:
vascert [common options] configure debug [-u <username>]
[-u <username>] is the name of the user to perform the operation.
Imports trusted root CA certificates based on policy.
vascert [common options] importca [-u <username>] [-p]
[-u <username>] is the name of the user to perform the operation.
[-p] simulates policy-based CA import.
Dumps the contents of a policy template.
vascert [common options] info <policy template name>
Lists all configured policy template names.
vascert [common options] list [-p]
[-p] lists pending enrollment requests.
Performs Certificate Autoenrollment processing.
vascert [common options] pulse [-p]
[-p] simulates policy-based pulse.
Renews an existing certificate based on a policy template.
vascert [common options] renew -t <template name>
-t <template name> is the name of the policy template for which certificates are to be renewed.
Manages local policy server configuration.
vascert [common options] server <sub-command>
remove removes a policy server configuration by URL.
list lists policy servers that are configured locally.
add adds a new local server configuration.
Remove command arguments:
vascert [common options] server remove [-u <username>] [-a] <URL>
[-u <username>] is the name of the user to perform the operation.
[-a] removes all server configurations.
List command arguments:
vascert [common options] server list [-u <username>]
[-u <username>] is the name of the user to perform the operation.
Add command arguments:
vascert [common options] server add [-u <username>] [-c <cost> ] -r <URL> [-n <name> ]
[-u <username>] is the name of the user to perform the operation.
[-c <cost>] specifies the cost associated with this server. Servers with lower cost are preferred when performing server selection.
-r <URL> specifies the service endpoint to contact to object enrollment policy.
[-n <name>] specifies the display name of this server.
Triggers machine-based Certificate Autoenrollment policy processing.
vascert [common options] trigger
Allows you to un-configure Certificate Autoenrollment settings.
vascert [common options] unconfigure <sub-command> <command>
debug disables debug logging for all Certificate Autoenrollment components.
Debug command arguments
vascert [common options] unconfigure debug [-u <username>]
[-u <username>] is the name of the user to perform the operation.
© 2022 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy