Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

certmonger(8) [centos man page]

certmonger(8)						      System Manager's Manual						     certmonger(8)

NAME
certmonger SYNOPSIS
certmonger [-s|-S] [-b TIMEOUT|-B] [-n|-f] [-d LEVEL] [-p FILE] [-F] DESCRIPTION
The certmonger daemon monitors certificates for impending expiration, and can optionally refresh soon-to-be-expired certificates with the help of a CA. If told to, it can drive the entire enrollment process from key generation through enrollment and refresh. The daemon provides a control interface via the org.fedorahosted.certmonger service, with which client tools such as getcert(1) interact. OPTIONS
-s Listen on the session bus rather than the system bus. -S Listen on the system bus rather than the session bus. This is the default. -b TIMEOUT Behave as a bus-activated service: if there are no certificates to be monitored or obtained, and no requests received within TIMEOUT seconds, exit. -B Don't behave as a bus-activated service. This is the default. -n Don't fork, and log messages to stderr rather than syslog. -f Do fork, and log messages to syslog rather than stderr. This is the default. -d LEVEL Set debugging level. Higher values produce more debugging output. Implies -n. -p FILE Store the daemon's process ID in the named file. -F Force NSS to be initialized in FIPS mode. The default behavior is to heed the setting stored in /proc/sys/crypto/fips_enabled. FILES
The set of certificates being monitored or signed is tracked using files stored under /var/lib/certmonger/requests, or in a directory named by the CERTMONGER_REQUESTS_DIR environment variable. The set of known CAs is tracked using files stored under /var/lib/certmonger/cas, or in a directory named by the CERTMONGER_CAS_DIR envi- ronment variable. Temporary files will be stored in "/var/run/certmonger", or in the directory named by the CERTMONGER_TMPDIR environment variable if that value was not given at compile time. BUGS
Please file tickets for any that you find at https://fedorahosted.org/certmonger/ SEE ALSO
getcert(1) getcert-list(1) getcert-list-cas(1) getcert-request(1) getcert-start-tracking(1) getcert-stop-tracking(1) certmonger-certmaster- submit(8) certmonger-ipa-submit(8) certmonger_selinux(8) certmonger Manual 28 November 2012 certmonger(8)

Check Out this Related Man Page

certmonger(8)						      System Manager's Manual						     certmonger(8)

NAME
ipa-submit SYNOPSIS
ipa-submit [-h serverHost] [-H serverURL] [-c cafile] [-C capath] [[-K] | [-t keytab] [-k submitterPrincipal]] [-P principalOfRequest] [csrfile] DESCRIPTION
ipa-submit is the helper which certmonger uses to make requests to IPA-based CAs. It is not normally run interactively, but it can be for troubleshooting purposes. The signing request which is to be submitted should either be in a file whose name is given as an argument, or fed into ipa-submit via stdin. OPTIONS
-P csrPrincipal Identifies the principal name of the service for which the certificate is being issued. This setting is required by IPA and must always be specified. -h serverHost Submit the request to the IPA server running on the named host. The default is to read the location of the host from /etc/ipa/default.conf. -H serverURL Submit the request to the IPA server at the specified location. The default is to read the location of the host from /etc/ipa/default.conf. -c cafile The server's certificate was issued by the CA whose certificate is in the named file. The default value is /etc/ipa/ca.crt. -C capath Trust the server if its certificate was issued by a CA whose certificate is in a file in the named directory. There is no default for this option, and it is not expected to be necessary. -t keytab Authenticate to the IPA server using credentials derived from keys stored in the named keytab. The default value can vary, but it is usually /etc/krb5.keytab. This option conflicts with the -K option. -k authPrincipal Authenticate to the IPA server using credentials derived from keys stored in the named keytab for this principal name. The default value is the host service for the local host in the local realm. This option conflicts with the -K option. -K Authenticate to the IPA server using credentials derived from the default credential cache rather than a keytab. This option con- flicts with the -k option. EXIT STATUS
0 if the certificate was issued. The certificate will be printed. 1 if the CA is still thinking. A cookie value will be printed. 2 if the CA rejected the request. An error message may be printed. 3 if the CA was unreachable. An error message may be printed. 4 if critical configuration information is missing. An error message may be printed. FILES
/etc/ipa/default.conf is the IPA client configuration file. This file is consulted to determine the URL for the IPA server's XML-RPC interface. BUGS
Please file tickets for any that you find at https://fedorahosted.org/certmonger/ SEE ALSO
certmonger(8) getcert(1) getcert-list(1) getcert-list-cas(1) getcert-resubmit(1) getcert-start-tracking(1) getcert-stop-tracking(1) cert- monger-dogtag-ipa-renew-agent-submit(8) certmonger-certmaster-submit(8) certmonger_selinux(8) certmonger Manual 7 June 2010 certmonger(8)
Man Page