Variables used in the <PREREGISTER> section

These are the valid variables that you can customize in the <PREREGISTER> section of the 5-Year SCEP Certificate – Preregistration template. Some variables must be present in your <PREREGISTER> section and they are labeled as required in the following list.
AuthenticatedClient (required)
Specifies which action PKI Services takes when an authenticated SCEP client submits a certificate request for the first time. Valid values are:
AutoApprove (default)
Automatically approves certificate requests from authenticated first-time SCEP clients and automatically creates their certificates.
Start of changeAdminApproveEnd of change
Start of changeSubmits certificate requests from authenticated first-time SCEP clients to your PKI administrator for verification and approval. The ADMINNUM tag, when present, indicates that multiple approvals are required.End of change
SemiauthenticatedClient (required)
Specifies which action PKI Services takes when a semiauthenticated SCEP client submits a certificate request for the first time. Valid values are:
Start of changeAdminApprove (default)End of change
Start of changeSubmits certificate requests from semiauthenticated first-time SCEP clients to your PKI administrator for verification and approval. The ADMINNUM tag, when present, indicates that multiple approvals are required.End of change
Reject
Automatically rejects certificate requests from semiauthenticated first-time SCEP clients.
UnauthenticatedClient (required)
Specifies which action PKI Services takes when an unauthenticated SCEP client submits a certificate request for the first time. Valid values are:
Start of changeAdminApproveEnd of change
Start of changeSubmits certificate requests from unauthenticated first-time SCEP clients to your PKI administrator for verification and approval. The ADMINNUM tag, when present, indicates that multiple approvals are required.End of change
Reject (default)
Automatically rejects certificate requests from unauthenticated first-time SCEP clients.
SubsequentRequest (optional)
Specifies which action PKI Services takes when a previously approved SCEP client submits an additional certificate request. If not set, PKI Services uses the AuthenticatedClient value. Valid values are:
AutoApprove (default)
Automatically approves certificate requests from previously approved SCEP clients and automatically creates their certificates.
Start of changeAdminApproveEnd of change
Start of changeSubmits certificate requests from previously approved SCEP clients to your PKI administrator for verification and approval. The ADMINNUM tag, when present, indicates that multiple approvals are required.End of change
Reject
Automatically rejects SCEP requests from previously approved clients.
RenewalRequest (optional)
Specifies which action PKI Services takes when a previously approved SCEP client submits a certificate renewal request. If not set, PKI Services uses the AuthenticatedClient value. Valid values are:
AutoApprove (default)
Automatically approves certificate renewal requests from previously approved SCEP clients and automatically creates their certificates.
Start of changeAdminApproveEnd of change
Start of changeSubmits certificate renewal requests from previously approved SCEP clients to your PKI administrator for verification and approval. The ADMINNUM tag, when present, indicates that multiple approvals are required.End of change
Reject
Automatically rejects certificate renewal requests from previously approved SCEP clients.
Parent topic: Overview of certificate request processing for preregistered SCEP clients

Tags used in the <PREREGISTER> section

The following tags are allowed in the <PREREGISTER> section of a template. Use of these tags is optional unless otherwise specified.
<ADMINNUM= value>
This optional tag indicates the number of PKI Services administrators that must approve certificate requests queued for approval before a certificate can be issued. If this tag is present, any variables that are assigned the value of AdminApprove requires the number of approvals that are specified by this tag. This tag has the form <ADMINNUM= value>, where value can be a numeric value from 1 to 32. The tag has the following meanings:
  • By default, queued requests require approval by one PKI Services administrator. If the ADMINNUM tag is not present, all queued requests require approval by one PKI Services administrator.
  • If the ADMINNUM tag does not occur within the PREREGISTER subsection, PKI Services operates as if the tag is not present.
  • If the ADMINNUM value is greater than 32, a value of 32 is used.
  • If the ADMINNUM value is less than one or is a non-numeric value, a value of 1 is used.
    Note: Start of changeA request created from this template remains Pending Approval state until the required number of individual administrative approvals is made for the request, at which time the request changes to Approved state. If an administrator issues an Approve with Modifications on a request that is in Pending Approval state, any previously made approvals are nullified, and the number of approvals that are made for the request is reset to 1.End of change