SIMPLE SOLUTIONS

CERTMONGER(8) - Linux man page online | Administration and privileged commands

Chapter
14 June 2015
certmonger(8) System Manager's Manual certmonger(8)

NAME

certmonger

SYNOPSIS

certmonger [-s|-S] [-L|-l] [-P SOCKET] [-b TIMEOUT|-B] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-c cmd] [-v]

DESCRIPTION

The certmonger daemon monitors certificates for impending expiration, and can optionally refresh soon-to-be-expired certificates with the help of a CA. If told to, it can drive the entire enrollment process from key generation through enrollment and refresh. The daemon provides a control interface via the org.fedorahosted.certmonger service, with which client tools such as getcert(1) interact.

OPTIONS

-s Listen on the session bus rather than the system bus. -S Listen on the system bus rather than the session bus. This is the default. -l Also listen on a private socket for connections from clients running under the same UID. -L Listen only on a private socket for connections from clients running under the same UID, and skip connecting to a bus. -P Specify a location for the private listening socket. If the location beings with a '/' character, it will be prefixed with 'unix:path=', otherwise it will be prefixed with 'unix:'. If this option is not specified, the listening socket, if one is created, will be placed in the abstract namespace. -b TIMEOUT Behave as a bus-activated service: if there are no certificates to be monitored or obtained, and no requests are received within TIMEOUT seconds, exit. Not compati‐ ble with the -c option. -B Don't behave as a bus-activated service. This is the default. -n Don't fork, and log messages to stderr rather than syslog. -f Do fork, and log messages to syslog rather than stderr. This is the default. -d LEVEL Set debugging level. Higher values produce more debugging output. Implies -n. -p FILE Store the daemon's process ID in the named file. -F Force NSS to be initialized in FIPS mode. The default behavior is to heed the set‐ ting stored in /proc/sys/crypto/fips_enabled. -c cmd After the service has initialized, run the specified command, then shut down the service after the command exits. If the -l or -L option was also specified, the command will be run with the CERTMONGER_PVT_ADDRESS environment variable set to the listening socket's location. Not compatible with the -b option. -v Print version information and exit.

FILES

The set of certificates being monitored or signed is tracked using files stored under /var/lib/certmonger/requests, or in a directory named by the CERTMONGER_REQUESTS_DIR envi‐ ronment variable. The set of known CAs is tracked using files stored under /var/lib/certmonger/cas, or in a directory named by the CERTMONGER_CAS_DIR environment variable. Temporary files will be stored in "/var/run/certmonger", or in the directory named by the CERTMONGER_TMPDIR environment variable if that value was not given at compile time.

BUGS

Please file tickets for any that you find at https://fedorahosted.org/certmonger/

SEE ALSO

getcert(1) getcert-add-ca(1) getcert-add-scep-ca(1) getcert-list-cas(1) getcert-list(1) getcert-modify-ca(1) getcert-refresh-ca(1) getcert-refresh(1) getcert-rekey(1) getcert- remove-ca(1) getcert-request(1) getcert-resubmit(1) getcert-start-tracking(1) getcert-sta‐ tus(1) getcert-stop-tracking(1) certmonger-certmaster-submit(8) certmonger-dogtag-ipa- renew-agent-submit(8) certmonger-dogtag-submit(8) certmonger-ipa-submit(8) certmonger- local-submit(8) certmonger-scep-submit(8) certmonger_selinux(8)
certmonger Manual 14 June 2015 certmonger(8)
This manual Reference Other manuals
certmonger(8) referred by certmaster-getcert(1) | certmonger-certmaster-submit(8) | certmonger-dogtag-ipa-renew-agent-submit(8) | certmonger-dogtag-submit(8) | certmonger-ipa-submit(8) | certmonger-local-submit(8) | certmonger-scep-submit(8) | certmonger.conf(5) | getcert(1) | getcert-add-ca(1) | getcert-add-scep-ca(1) | getcert-list(1) | getcert-list-cas(1) | getcert-modify-ca(1) | getcert-refresh(1) | getcert-refresh-ca(1) | getcert-rekey(1) | getcert-remove-ca(1) | getcert-request(1) | getcert-resubmit(1)
refer to certmonger-certmaster-submit(8) | certmonger-dogtag-submit(8) | certmonger-ipa-submit(8) | certmonger-scep-submit(8) | getcert(1) | getcert-add-ca(1) | getcert-add-scep-ca(1) | getcert-list(1) | getcert-list-cas(1) | getcert-modify-ca(1) | getcert-refresh(1) | getcert-refresh-ca(1) | getcert-rekey(1) | getcert-request(1) | getcert-resubmit(1) | getcert-start-tracking(1) | getcert-stop-tracking(1)
Download raw manual
Main page System Manager's Manual (+2060) certmonger Manual (+27) № 8 (+5755)
Go top