Variables used in the <PREREGISTER> section
These are the valid variables that you can customize in the <PREREGISTER> section of the 5-Year SCEP Certificate
– Preregistration template. Some variables must be present in your <PREREGISTER> section and they are
labeled as required in the following list.
- AuthenticatedClient (required)
- Specifies which action PKI Services takes when
an authenticated SCEP client submits a certificate request for the
first time. Valid values are:
- AutoApprove (default)
- Automatically approves certificate requests from authenticated first-time SCEP clients and automatically creates their certificates.
- AdminApprove
- Submits certificate requests from authenticated first-time SCEP clients to your PKI administrator for verification and approval. The ADMINNUM tag, when present, indicates that multiple approvals are required.
- SemiauthenticatedClient (required)
- Specifies which action PKI Services takes when
a semiauthenticated SCEP client submits a certificate request for
the first time. Valid values are:
- AdminApprove (default)
- Submits certificate requests from semiauthenticated first-time SCEP clients to your PKI administrator for verification and approval. The ADMINNUM tag, when present, indicates that multiple approvals are required.
- Reject
- Automatically rejects certificate requests from semiauthenticated first-time SCEP clients.
- UnauthenticatedClient (required)
- Specifies which action PKI Services takes when
an unauthenticated SCEP client submits a certificate request for the
first time. Valid values are:
- AdminApprove
- Submits certificate requests from unauthenticated first-time SCEP clients to your PKI administrator for verification and approval. The ADMINNUM tag, when present, indicates that multiple approvals are required.
- Reject (default)
- Automatically rejects certificate requests from unauthenticated first-time SCEP clients.
- SubsequentRequest (optional)
- Specifies which action PKI Services takes when
a previously approved SCEP client submits an additional certificate
request. If not set, PKI Services uses the AuthenticatedClient value. Valid values are:
- AutoApprove (default)
- Automatically approves certificate requests from previously approved SCEP clients and automatically creates their certificates.
- AdminApprove
- Submits certificate requests from previously approved SCEP clients to your PKI administrator for verification and approval. The ADMINNUM tag, when present, indicates that multiple approvals are required.
- Reject
- Automatically rejects SCEP requests from previously approved clients.
- RenewalRequest (optional)
- Specifies which action PKI Services takes when
a previously approved SCEP client submits a certificate renewal request.
If not set, PKI Services uses the AuthenticatedClient value. Valid values
are:
- AutoApprove (default)
- Automatically approves certificate renewal requests from previously approved SCEP clients and automatically creates their certificates.
- AdminApprove
- Submits certificate renewal requests from previously approved SCEP clients to your PKI administrator for verification and approval. The ADMINNUM tag, when present, indicates that multiple approvals are required.
- Reject
- Automatically rejects certificate renewal requests from previously approved SCEP clients.
Tags used in the <PREREGISTER> section
The following tags are allowed in the <PREREGISTER> section
of a template. Use of these tags is optional unless otherwise specified.
- <ADMINNUM= value>
- This optional tag indicates the number of PKI Services administrators
that must approve certificate requests queued for approval before
a certificate can be issued. If this tag is present, any variables
that are assigned the value of AdminApprove requires the number
of approvals that are specified by this tag. This tag has the form
<ADMINNUM= value>, where value can be a numeric value from 1 to 32. The tag has the following meanings:
- By default, queued requests require approval by one PKI Services administrator. If the ADMINNUM tag is not present, all queued requests require approval by one PKI Services administrator.
- If the ADMINNUM tag does not occur within the PREREGISTER subsection, PKI Services operates as if the tag is not present.
- If the ADMINNUM value is greater than 32, a value of 32 is used.
- If the ADMINNUM value is less than one or is a non-numeric
value, a value of 1 is used.Note: A request created from this template remains Pending Approval state until the required number of individual administrative approvals is made for the request, at which time the request changes to Approved state. If an administrator issues an Approve with Modifications on a request that is in Pending Approval state, any previously made approvals are nullified, and the number of approvals that are made for the request is reset to 1.