These are the valid variables you can customize in the
<PREREGISTER> section of the
5-Year SCEP
Certificate – Preregistration template. Some variables
must be present in your
<PREREGISTER> section
and they are labeled as
required in the following
list.
- AuthenticatedClient (required)
- Specifies which action PKI Services takes when an authenticated SCEP
client submits a certificate request for the first time. Valid values
are:
- AutoApprove (default)
- Automatically approves certificate requests from authenticated
first-time SCEP clients and automatically creates their certificates.
- AdminApprove
- Submits certificate requests from authenticated first-time
SCEP clients to your PKI administrator for verification and approval.
- SemiauthenticatedClient (required)
- Specifies which action PKI Services takes when a semiauthenticated
SCEP client submits a certificate request for the first time. Valid
values are:
- AdminApprove (default)
- Submits certificate requests from semiauthenticated first-time
SCEP clients to your PKI administrator for verification and approval.
- Reject
- Automatically rejects certificate requests from semiauthenticated
first-time SCEP clients.
- UnauthenticatedClient (required)
- Specifies which action PKI Services takes when an unauthenticated
SCEP client submits a certificate request for the first time. Valid
values are:
- AdminApprove
- Submits certificate requests from unauthenticated first-time
SCEP clients to your PKI administrator for verification and approval.
- Reject (default)
- Automatically rejects certificate requests from unauthenticated
first-time SCEP clients.
- SubsequentRequest (optional)
- Specifies which action PKI Services takes when a previously approved
SCEP client submits an additional certificate request. If not set, PKI Services uses
the AuthenticatedClient value. Valid values
are:
- AutoApprove (default)
- Automatically approves certificate requests from previously
approved SCEP clients and automatically creates their certificates.
- AdminApprove
- Submits certificate requests from previously approved SCEP clients
to your PKI administrator for verification and approval.
- Reject
- Automatically rejects SCEP requests from previously approved
clients.
- RenewalRequest (optional)
- Specifies which action PKI Services takes when a previously approved
SCEP client submits a certificate renewal request. If not set, PKI Services uses
the AuthenticatedClient value. Valid values
are:
- AutoApprove (default)
- Automatically approves certificate renewal requests from previously
approved SCEP clients and automatically creates their certificates.
- AdminApprove
- Submits certificate renewal requests from previously approved
SCEP clients to your PKI administrator for verification and approval.
- Reject
- Automatically rejects certificate renewal requests from previously
approved SCEP clients.
z/OS Cryptographic Services PKI Services Guide and Reference
Copyright IBM Corporation 1990, 2014