SCEPCredential

The fingerprint of the Certificate Authority certificate.

A preshared secret.

The key type, which always has the value RSA.

A bitmask that specifies the use of the key: 1 is signing, 4 is encryption, and 5 is both signing and encryption. Some certificate authorities, such as Windows CA, support only encryption or signing, but not both at the same time.

The key size in bits, either 1024, 2048, or 4096.

Any string that the SCEP server recognizes. For example, it could be a domain name such as example.org. If a certificate authority has multiple CA certificates, you can use this field to specify the required certificate.

The number of times the device should retry if the server sends a PENDING response.

The number of seconds to wait between subsequent retries. The system makes the first retry without this delay.

The representation of an X.500 name is an array of OID and value. For example, /C=US/O=Apple Inc./CN=foo/1.2.5.3=bar corresponds to:

[ [ ["C", "US"] ], [ ["O", "Apple Inc."] ], [ [ "CN", "foo"] ], [ [ "1.2.5.3", "bar" ] ] ]

You can represent OIDs as dotted numbers or use shortcuts for country (C), locality (L), state (ST), organization (O), organizational unit (OU), and common name (CN).

The subject’s alternative name for the certificate.

The SCEP URL.