Dell Wyse 3020 Wyse ThinOS Version 8.4 Release Notes - Page 20

Reference [Organization = organization_name] [OrganizationUnit = organization_unit] [CommonName = common_name] [Email = email_address] KeyUsage = kay_usage KeyLength = {1024, 2048, 4096 } [subAltName = subject_alt_name_list] RequestURL = scep_request_url CACertHashType = { MD5, SHA1 } CACertHash = CA_HASH_VALUE [EnrollPwd = enrollment_password] [EnrollPwdEnc = encrypted_enrollment_password] [ScepAdminUrl = scep_administrator_page_url] [ScepUser = scep_enrollment_user] [ScepUserDomain = scep_enrollment_user_domain] [ScepUserPwd = scep_enrollment_user_password] [ScepUserPwdEnc = encrypted_scep_enrollment_user_password] DefaultUser = {username, $SYS_VAR} 20 Dell Wyse ThinOS Version 8.4 Release Notes Description InstallCACert-Configure InstallCACert to yes to install the root CA's certificate as trusted certificate after successfully getting a client certificate. CountryName, State, Location, Organization, OrganizationUnit, CommonName, Email-These fields together compose the subject identity of the requested client certificate. Country Name should be two letter in uppercase, other fields are printable strings with a length shorter than 64 bytes, and email_address should have a '@' in it. At least one of the above fields must be configured correctly to form the client certificate's subject identity. KeyUsage-KeyUsage is to specify key usage of the client certificate and should be set to a digitalSignature, keyEncypherment or both using a ';' linking these two as digitalSignature;keyEncypherment. KeyLength-KeyLength is to specify the key length of the client certificate in bits, must one of the value in the list. subAltName-subAltName is to specify the client certificate's subject alternative names. It is a sequenced list of name elements, and every element is either a DNS name or an IP address. Use ';' as delimiter between them. RequestURL-RequestURL is to specify the SCEP server's service URL. This field must be set correctly. CACertHashType-CACertHashType is the hash type used to verify certificate authority's certificate. CACertHash-CACertHash is the hash value used to verify certificate authority's certificate. Client will not issue a certificate request to a SCEP server and cannot pass certificate chain checking through a valid certificate authority. EnrollPwd, EnrollPwdEnc-EnrollPwd or EnrollPwdEnc is to set the enrollment password from a SCEP administrator.EnrollPwd is the plain-text enrollment password and EnrollPwdEnc is the encrypted form of the same enrollment password. Use only one of these two fields to set the used enrollment password. As a substitute of using EnrollPwd or EnrollPwdEnc to directly specify a enrollment password, client allows using a SCEP administrator's credential to automatically get an enrollment password from a Windows SCEP server. In this case, the ScepUser, ScepUserDomain, ScepUserPwd (or ScepUserPwdEnc, in encrypted form instead of plan-text) are used to specify the SCEP administrator's credential, and ScepAdminUrl must be set correctly to specify the corresponding SCEP admin web page's URL. If neither EnrollPwd nor EnrollPwdEnc is set, client tries to use these set of settings to automatically get an enrollment password and then use that password to request a certificate. Use ScepAutoEnroll=no AutoRenew=yes to only enable SCEP auto renew; all others parameters are not needed if ScepAutoEnroll is set to no. NOTE: SCEP server's URL must be an HTTP link. Do not add protocol prefix to RequestURL and ScepAdminURL. Specifies the default sign-on user. For more information, see Dell Wyse ThinOS 8.4 Administrator's Guide.