CentOS 7.0 - man page for getcert-start-tracking (centos section 1)

certmonger(1)									    certmonger(1)

NAME
       getcert

SYNOPSIS
       getcert start-tracking [options]

DESCRIPTION
       Tells certmonger to monitor an already-issued certificate.  Optionally, when the
       certificate nears expiration, certmonger uses the existing key pair (or generates one
       if one is not already found in the specified location), generates a signing request
       using the key pair, and submits the request to a CA for signing.

SPECIFYING EXISTING REQUESTS
       -i NAME
	      Modify the request which has this nickname.  If this option is not specified, and a
	      tracking	entry  which  matches  the  key and certificate storage options which are
	      specified already exists, that entry will be modified.  Otherwise, a  new  tracking
	      entry will be added.

KEY AND CERTIFICATE STORAGE OPTIONS
       -d DIR Use an NSS database in the specified directory for reading this certificate and, if
	      possible, the corresponding key.

       -n NAME
	      Use the certificate with this nickname and, if a private key with the same nickname
	      or which corresponds to the certificate is available, use it, too.  Only valid
	      with -d.

       -t TOKEN
	      If the NSS database has more than one token available, use the token with this name
	      for accessing the certificate and key.  This argument only rarely needs to be
	      specified.  Only valid with -d.

       -f FILE
	      Read the certificate from this file.  For safety's sake, do not use the  same  file
	      specified with the -k option.

       -k FILE
	      Use the key stored in this file to generate a signing request for refreshing the
	      certificate.  If no such file is found when needed, generate a new key pair and
	      store it in the file.  Only valid with -f.


KEY ENCRYPTION OPTIONS
       -p FILE
	      The  private key files or databases are encrypted using the PIN stored in the named
	      file as the passphrase.

       -P PIN The private key files or databases are encrypted using the specified PIN as the
	      passphrase.  Because command-line arguments to running processes are trivially
	      discoverable, use of this option is not recommended except for testing.

TRACKING OPTIONS
       -I NAME
	      Assign the specified nickname to this task.  If this option  is  not  specified,	a
	      name will be assigned automatically.

       -r     Attempt to obtain a new certificate from the CA when the expiration date of a
	      certificate nears.  This is the default setting.

       -R     Don't attempt to obtain a new certificate from the CA when the expiration date of a
	      certificate nears.  If this option is specified, an expired certificate will simply
	      stay expired.

ENROLLMENT OPTIONS
       -c NAME
	      Enroll with the specified CA rather than a possible default.  The name  of  the  CA
	      should  correspond  to  one listed by getcert list-cas.  Only useful in combination
	      with -r.

       -T NAME
	      Request a certificate using the named profile,  template,  or  certtype,	from  the
	      specified CA.

SIGNING REQUEST OPTIONS
       If and when certmonger attempts to obtain a new certificate to replace the one being
       monitored, the values to be added to the signing request will be taken from the current
       certificate, unless preferred values are set using one or more of -u, -U, -K, -E, and -D.

       -u keyUsage
	      Add  an  extensionRequest  for  the specified keyUsage to the signing request.  The
	      keyUsage value is expected to be one of these names:

	      digitalSignature

	      nonRepudiation

	      keyEncipherment

	      dataEncipherment

	      keyAgreement

	      keyCertSign

	      cRLSign

	      encipherOnly

	      decipherOnly

       -U EKU Add an extensionRequest for the specified extendedKeyUsage to the signing  request.
	      The EKU value is expected to be an object identifier (OID).

       -K NAME
	      Add an extensionRequest for a subjectAltName, with the specified Kerberos principal
	      name as its value, to the signing request.

       -E EMAIL
	      Add an extensionRequest for a subjectAltName, with the specified email  address  as
	      its value, to the signing request.

       -D DNSNAME
	      Add  an  extensionRequest  for a subjectAltName, with the specified DNS name as its
	      value, to the signing request.

OTHER OPTIONS
       -B command
	      Whenever the certificate is saved to the specified location, run the specified
	      command as the client user before saving the certificate.

       -C command
	      Whenever the certificate is saved to the specified location, run the specified
	      command as the client user after saving the certificate.

       -v     Be verbose about errors.  Normally, the details of an error received from the
	      daemon will be suppressed if the client can make a diagnostic suggestion.

BUGS
       Please file tickets for any that you find at https://fedorahosted.org/certmonger/

SEE ALSO
       certmonger(8)  getcert(1)  getcert-list(1) getcert-list-cas(1) getcert-request(1)
       getcert-resubmit(1) getcert-stop-tracking(1) certmonger-certmaster-submit(8)
       certmonger-ipa-submit(8) certmonger_selinux(8)

certmonger Manual			   14 June 2012 			    certmonger(1)