CERTMONGER-LOCAL-SUBMIT(8) - Linux man page online | Administration and privileged commands

7 June 2014
certmonger(8) System Manager's Manual certmonger(8)




local-submit [-d state-directory] [-v] [csrfile]


local-submit is the helper which certmonger uses to implement its local signer. It is not normally run interactively, but it can be for troubleshooting purposes. The signing request which is to be submitted should either be in a file whose name is given as an argument, or fed into local-submit via stdin. The local signer is currently hard-coded to generate and use a 2048-bit RSA key and a name and initial serial number based on a UUID, replacing that key and certificate at roughly the midpoint of their useful lifetime. certmonger supports retrieving the list of current and previously-used local CA certifi‐ cates. See getcert-request(1) and getcert-resubmit(1) for information about specifying where those certificates should be stored.


-d state-directory Identifies the directory which contains the local signer's private key, certifi‐ cates, and other data used by the local signer. -v Increases the verbosity of the tool's diagnostic logging.


0 if the certificate was issued. The new certificate will be printed. 3 if the helper needs to be called again. An error message may be printed. 4 if critical configuration information is missing. An error message may be printed.


creds is currently a PKCS#12 bundle containing the local signer's current signing key and current and previously-used signer certificates. It should not be modified except by the local signer. A new key is currently generated when ever a new signer cer‐ tificate is needed. serial currently contains the serial number which will be used for the next issued cer‐ tificate. It should not be modified except by the local signer.


Please file tickets for any that you find at


certmonger(8) getcert(1) getcert-add-ca(1) getcert-add-scep-ca(1) getcert-list-cas(1) getcert-list(1) getcert-modify-ca(1) getcert-refresh-ca(1) getcert-refresh(1) getcert- rekey(1) getcert-remove-ca(1) getcert-resubmit(1) getcert-start-tracking(1) getcert-sta‐ tus(1) getcert-stop-tracking(1) certmonger-certmaster-submit(8) certmonger-dogtag-ipa- renew-agent-submit(8) certmonger-dogtag-submit(8) certmonger-ipa-submit(8) certmonger- scep-submit(8) certmonger_selinux(8)
certmonger Manual 7 June 2014 certmonger(8)
This manual Reference Other manuals
certmonger-local-submit(8) referred by certmaster-getcert(1) | certmonger-certmaster-submit(8) | certmonger-dogtag-ipa-renew-agent-submit(8) | certmonger-dogtag-submit(8) | getcert-add-ca(1) | getcert-add-scep-ca(1) | getcert-modify-ca(1) | getcert-refresh-ca(1) | getcert-rekey(1) | getcert-remove-ca(1) | getcert-status(1) | ipa-getcert(1) | local-getcert(1) | selfsign-getcert(1)
refer to certmonger(8) | certmonger-certmaster-submit(8) | certmonger-dogtag-submit(8) | certmonger-ipa-submit(8) | getcert(1) | getcert-add-ca(1) | getcert-add-scep-ca(1) | getcert-list(1) | getcert-list-cas(1) | getcert-modify-ca(1) | getcert-refresh(1) | getcert-refresh-ca(1) | getcert-remove-ca(1) | getcert-request(1) | getcert-resubmit(1) | getcert-start-tracking(1) | getcert-stop-tracking(1)
Download raw manual
Main page System Manager's Manual (+2060) certmonger Manual (+27) № 8 (+5755)
Go top