Dell Wyse 3010 Wyse ThinOS Version 8.5 and ThinOS Lite 2.5 Operating System Re - Page 84

Parameters [State=state] [Locality=locality] [Organization=organization_name] [OrganizationUnit=organization_unit] [CommonName=common_name] [Email=email_address] KeyUsage=key_usage KeyLength={1024, 2048, 4096 } [subAltName=subject_alt_name_list] RequestURL=scep_request_url CACertHashType={MD5, SHA1} CACertHash=CA_HASH_VALUE [EnrollPwd=enrollment_password] [EnrollPwdEnc=encrypted_enrollment_password] [ScepAdminUrl=scep_administrator_page_url] [ScepUser=scep_enrollment_user] [ScepUserDomain=scep_enrollment_user_domain] [ScepUserPwd=scep_enrollment_user_password] [ScepUserPwdEnc=encrypted_scep_enrollment_user_password] Description manually or automatically through SCEP from this client, and the renewal is performed only after a certificate's 1/2 valid period has passed. Set InstallCACert-Set this keyword to yes to install the root CA's certificate as trusted certificate after successfully getting a client certificate. CountryName, State, Locality, Organization, OrganizationUnit, CommonName, Email-These keywords together compose the subject identity of the requested client certificate. Country Name should be two letter in uppercase, other fields are printable strings with a length shorter than 64 bytes, and email_address should have a '@' in it. At least one of the above fields must be configured correctly to form the client certificate's subject identity. KeyUsage -This option is to specify key usage of the client certificate and should be set to a digitalSignature, keyEncipherment or both using a ';' concatenating these two as digitalSignature;keyEncipherment. KeyLength-This option is to specify the key length of the client certificate in bits, must one of the value in the list. subAltName-This option is to specify the client certificate's subject alternative names. It is a sequenced list of name elements, and every element is either a DNS name or an IP address. Use ';' as delimiter between them. RequestURL-This option is to specify the SCEP server's service URL. This field must be set correctly. The default protocol for SCEP service is HTTP and data security is ensured by SCEP itself. You can also add the prefix https://, if SCEP service is deployed on HTTPS in your environment.* CACertHashType-This option is the hash type used to verify certificate authority's certificate. This option must be set to MD5 or SHA1 or SHA256.* CACertHash-This is the hash value used to verify certificate authority's certificate. Client will not issue a certificate request to a SCEP server and cannot pass certificate chain checking through a valid certificate authority. EnrollPwd or EnrollPwdEnc-These keywords are used to set the enrollment password from a SCEP administrator. EnrollPwd is the plain-text enrollment password and EnrollPwdEnc is the encrypted form of the same enrollment password. Use only one of these two fields to set the used enrollment password. As a substitute of using EnrollPwd or EnrollPwdEnc to directly specify an enrollment password, client allows using a SCEP administrator's credential to automatically get an enrollment password from a Windows SCEP server. In this case, the ScepUser, ScepUserDomain, ScepUserPwd (or ScepUserPwdEnc, in encrypted form instead of plan-text) are used to specify the SCEP administrator's credential, and ScepAdminUrl must be set correctly to specify the corresponding SCEP admin web page's URL. If neither EnrollPwd nor EnrollPwdEnc is set, client will try to use these set of settings to automatically get an enrollment password and then use that password to request a certificate. If communication security is necessary in your environment during this phase, please add https:// as the prefix for ScepAdminUrl to use HTTPS instead of the default HTTP protocol. 84 ThinOS 8.5_012 and ThinOS Lite 2.5_012