Chat now with support
Chat with Support

Safeguard Authentication Services 4.2 - Mac OS X/macOS Administration Guide

One Identity Privileged Access Suite for Unix Installation The Authentication Services Mac OS X components Configuring the Authentication Services client Special Mac OS X features Authentication Services limitations on Mac OS X Authentication Services Group Policy for Mac OS X Certificate Autoenrollment

vascert commands and arguments

The following is a detailed description of all the available vascert commands, their usage and arguments.

vascert clean

Clears certificate enrollment state information.

vascert [common options] clean [-u <username>] [-x]

Arguments:

[-u <username>] is the name of the user to perform the operation.

[-x] removes all local state information.

Additional Information:

This command causes Certificate Autoenrollment to remove all previous configuration and downloaded policy. When run as root with the -x option, this command removes all local state information returning the system to the state it had just after package install.

vascert configure

Allows you to configure Certificate Autoenrollment settings.

vascert [common options] configure <sub-command> <command>

Sub-commands:

debug enables debug logging for all Certificate Autoenrollment components.

Debug command arguments:

vascert [common options] configure debug [-u <username>]

[-u <username>] is the name of the user to perform the operation.

vascert importca

Imports trusted root CA certificates based on policy.

vascert [common options] importca [-u <username>] [-p]

Arguments:

[-u <username>] is the name of the user to perform the operation.

[-p] simulates policy-based CA import.

vascert info

Dumps the contents of a policy template.

vascert [common options] info <policy template name>

vascert list

Lists all configured policy template names.

vascert [common options] list [-p]

Arguments:

[-p] lists pending enrollment requests.

vascert pulse

Performs Certificate Autoenrollment processing.

vascert [common options] pulse [-p]

Arguments:

[-p] simulates policy-based pulse.

vascert renew

Renews an existing certificate based on a policy template.

vascert [common options] renew -t <template name>

Arguments:

-t <template name> is the name of the policy template for which certificates are to be renewed.

vascert server

Manages local policy server configuration.

vascert [common options] server <sub-command>

Sub-commands:

remove removes a policy server configuration by URL.

list lists policy servers that are configured locally.

add adds a new local server configuration.

Remove command arguments:

vascert [common options] server remove [-u <username>] [-a] <URL>

[-u <username>] is the name of the user to perform the operation.

[-a] removes all server configurations.

List command arguments:

vascert [common options] server list [-u <username>]

[-u <username>] is the name of the user to perform the operation.

Add command arguments:

vascert [common options] server add [-u <username>] [-c <cost> ] -r <URL> [-n <name> ]

[-u <username>] is the name of the user to perform the operation.

[-c <cost>] specifies the cost associated with this server. Servers with lower cost are preferred when performing server selection.

-r <URL> specifies the service endpoint to contact to object enrollment policy.

[-n <name>] specifies the display name of this server.

vascert trigger

Triggers machine-based Certificate Autoenrollment policy processing.

vascert [common options] trigger

vascert unconfigure

Allows you to un-configure Certificate Autoenrollment settings.

vascert [common options] unconfigure <sub-command> <command>

Sub-commands:

debug disables debug logging for all Certificate Autoenrollment components.

Debug command arguments

vascert [common options] unconfigure debug [-u <username>]

[-u <username>] is the name of the user to perform the operation.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating