Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

certmonger.conf(5) [centos man page]

certmonger.conf(5)						File Formats Manual						certmonger.conf(5)

NAME

       certmonger.conf - configuration file for certmonger

DESCRIPTION

       The  certmonger.conf  file contains default settings used by certmonger.  Its format is more or less that of a typical INI-style file.  The
       only sections currently of note are named defaults and selfsign.

DEFAULTS

       Within the defaults section, these variables and values are recognized:

       notify_ttls
	      This is the list of times, given in seconds, before a certificate's not-after validity date (often referred  to  as  its	expiration
	      time)  when  certmonger  should  warn that the certificate will soon no longer be valid.	If this value is not specified, certmonger
	      will attempt to use the value of the ttls setting.  The default list of values is "2419200, 604800, 259200, 172800, 86400".

       enroll_ttls
	      This is the list of times, given in seconds, before a certificate's not-after validity date (often referred  to  as  its	expiration
	      time)  when  certmonger  should  attempt to automatically renew the certificate, if it is configured to do so.  If this value is not
	      specified, certmonger will attempt to use the value of the ttls setting.	The default list of values is  "2419200,  604800,  259200,
	      172800, 86400".

       notification_method
	      This is the method by which certmonger will notify the system administrator that a certificate will soon become invalid.	The recog-
	      nized values are syslog, mail, and command.  The default is syslog.  When sending mail, the notification message will  be  the  mail
	      message  subject.   When invoking a command, the notification message will be available in the "CERTMONGER_NOTIFICATION" environment
	      variable.

       notification_destination
	      This is the destination to which certmonger will send notifications.  It can be a syslog priority and/or facility,  separated  by  a
	      period, it can be an email address, or it can be a command to run.  The default value is daemon.notice.

       symmetric_cipher
	      This  is	the symmetric cipher which will be used to encrypt private keys stored in OpenSSL's PEM format.  Recognized values include
	      aes128 and aes256.  The default is aes128.  It is not recommended that this value be changed except in cases where  the  default	is
	      incompatible with other software.

       digest This  is the digest algorithm which will be used when signing certificate signing requests and self-signed certificates.	Recognized
	      values include sha1, sha256, sha384, and sha512.	The default is sha256.	It is not recommended that this value be changed except in
	      cases where the default is incompatible with other software.

SELFSIGN

       Within the selfsign section, these variables and values are recognized:

       validity_period
	      This  is	the  validity period given to self-signed certificates.  The value is specified as a combination of years (y), months (M),
	      weeks (w), days (d), hours (h), minutes (m), and/or seconds (s).	If no unit of time is specified, seconds are assumed.  The default
	      value is 1y.

       populate_unique_id
	      This  controls  whether  or not self-signed certificates will have their subjectUniqueID and issuerUniqueID fields populated.  While
	      RFC5280 prohibits their use, they may be needed and/or used by older applications.  The default value is no.

BUGS

       Please file tickets for any that you find at https://fedorahosted.org/certmonger/

SEE ALSO

       certmonger(8) certmonger_selinux(8)

certmonger Manual						   19 April 2012						certmonger.conf(5)

Check Out this Related Man Page

certmonger(8)						      System Manager's Manual						     certmonger(8)

NAME

       certmaster-submit

SYNOPSIS

       certmaster-submit [-h serverHost] [-c cafile] [-C capath] [csrfile]

DESCRIPTION

       certmaster-submit  is the helper which certmonger uses to make requests to certmaster-based CAs.  It is not normally run interactively, but
       it can be for troubleshooting purposes.	The signing request which is to be submitted should either be in a file whose name is given as	an
       argument, or fed into certmaster-submit via stdin.

OPTIONS

       -h serverHost
	      Submit  the  request  to	the  certmaster  instance  running  on	the  named  host.   The default is localhost:51235 if a file named
	      /var/run/certmaster.pid is found on the local system, and is read from /etc/certmaster/minion.conf if that file is not found.

       -c cafile
	      Submit the request over HTTPS instead of HTTP, and only trust the server if its certificate was issued by the CA	whose  certificate
	      is in the named file.

       -C capath
	      Submit  the request over HTTPS instead of HTTP, and only trust the server if its certificate was issued by a CA whose certificate is
	      in a file in the named directory.

EXIT STATUS

       0      if the certificate was issued. The certificate will be printed.

       1      if the CA is still thinking.  A cookie value will be printed.

       2      if the CA rejected the request.  An error message may be printed.

       3      if the CA was unreachable.  An error message may be printed.

       4      if critical configuration information is missing.  An error message may be printed.

FILES

       /var/run/certmaster.pid
	      the certmaster service's PID file.  Its presence is taken to indicate that this system is a CA, and that requests should be  submit-
	      ted to a certmaster server running on the local system.

       /etc/certmaster/minion.conf
	      the certmaster minion configuration file.  If there is no indication that the local system is a certmaster server, then this file is
	      consulted to determine the location of the certmaster server.

KNOWN BUGS

       Checking for the existence of certmaster's PID file is a terrible way to figure out whether we're a minion or not.

BUGS

       Please file tickets for any that you find at https://fedorahosted.org/certmonger/

SEE ALSO

       certmonger(8) getcert(1) getcert-list(1) getcert-list-cas(1) getcert-resubmit(1) getcert-start-tracking(1)  getcert-stop-tracking(1)  cert-
       monger-ipa-submit(8)

certmonger Manual						    7 June 2010 						     certmonger(8)
Man Page