Package certmonger

Certificate status monitor and PKI enrollment client

http://certmonger.fedorahosted.org

Certmonger is a service which is primarily concerned with getting your
system enrolled with a certificate authority (CA) and keeping it enrolled.

General Commands (Section 1)
certmaster-getcert
The certmaster-getcert tool issues requests to a org.fedorahosted.certmonger service on behalf of the invoking user. It can ask the service to begin enrollment...
getcert
The getcert tool issues requests to a org.fedorahosted.certmonger service on behalf of the invoking user. It can ask the service to begin enrollment, optionally...
getcert-add-ca
Adds a CA configuration to certmonger, which can subsequently be used to enroll certificates.
getcert-add-scep-ca
Adds a CA configuration to certmonger, which can subsequently be used to enroll certificates. The configuration will use the bundled scep-submit helper. The...
getcert-list
Queries certmonger for a list of certificates which it is monitoring or attempting to obtain.
getcert-list-cas
Queries certmonger for a list of known CAs.
getcert-modify-ca
Modifies the helper command in a certmonger CA configuration.
getcert-refresh
Forces certmonger to immediately check on the status of an enrollment request for which it was either unable to contact a CA or for which it is waiting for the...
getcert-refresh-ca
Forces certmonger to refresh information specific to a CA, such as locally-stored copies of its certificates.
getcert-remove-ca
Remove a CA configuration from certmonger. Enrollment requests which reference the CA will behave as though they have no assigned CA.
getcert-request
Tells certmonger to use an existing key pair (or to generate one if one is not already found in the specified location), to generate a signing request using the...
getcert-resubmit
Tells certmonger to generate (or regenerate) a signing request and submit (or resubmit) the signing request to a CA for signing.
getcert-start-tracking
Tells certmonger to monitor an already-issued certificate. Optionally, when the certificate nears expiration, use an existing key pair (or to generate one if...
getcert-status
Queries certmonger for a status of a particular certificate request and sets an exit status to reflect that status.
getcert-stop-tracking
Tells certmonger to stop monitoring or attempting to obtain or refresh a certificate.
ipa-getcert
The ipa-getcert tool issues requests to a org.fedorahosted.certmonger service on behalf of the invoking user. It can ask the service to begin enrollment...
local-getcert
The local-getcert tool issues requests to a org.fedorahosted.certmonger service on behalf of the invoking user. It can ask the service to begin enrollment...
selfsign-getcert
The selfsign-getcert tool issues requests to a org.fedorahosted.certmonger service on behalf of the invoking user. It can ask the service to begin enrollment...
File Formats (Section 5)
certmonger.conf
The certmonger.conf file contains default settings used by certmonger. Its format is more or less that of a typical INI-style file. The only sections currently...
System Administration (Section 8)
certmonger
The certmonger daemon monitors certificates for impending expiration, and can optionally refresh soon-to-be-expired certificates with the help of a CA. If told...
certmonger-certmaster-submit
certmaster-submit is the helper which certmonger uses to make requests to certmaster-based CAs. It is not normally run interactively, but it can be for...
certmonger-dogtag-ipa-renew-agent-submit
dogtag-ipa-renew-agent-submit is the helper which certmonger uses to make certificate renewal requests to Dogtag instances running on IPA servers. It is not...
certmonger-dogtag-submit
dogtag-submit is the helper which certmonger can use to make certificate enrollment and renewal requests to Dogtag servers. It is not normally run...
certmonger-ipa-submit
ipa-submit is the helper which certmonger uses to make requests to IPA-based CAs. It is not normally run interactively, but it can be for troubleshooting...
certmonger-local-submit
local-submit is the helper which certmonger uses to implement its local signer. It is not normally run interactively, but it can be for troubleshooting...
certmonger-scep-submit
scep-submit is the helper which certmonger can use to transmit certificate enrollment and renewal requests to servers using SCEP. It is not normally run...