certmonger [-s|-S] [-L|-l] [-P PATH] [-b TIMEOUT|-B] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-c command] [-v]
The certmonger daemon monitors certificates for impending
expiration, and can optionally refresh soon-to-be-expired certificates with
the help of a CA. If told to, it can drive the entire enrollment process
from key generation through enrollment and refresh.
The daemon provides a control interface via the
org.fedorahosted.certmonger service, with which client tools such as
getcert(1) interact.
- -s, --session
- Listen on the session bus rather than the system bus.
- -S, --system
- Listen on the system bus rather than the session bus. This is the
default.
- -l, --listening-socket
- Also listen on a private socket for connections from clients running under
the same UID.
- -L, --only-listening-socket
- Listen only on a private socket for connections from clients running under
the same UID, and skip connecting to a bus.
- -P PATH, --listening-socket-path=PATH
- Specify a location for the private listening socket. If the location
begins with a '/' character, it will be prefixed with 'unix:path=',
otherwise it will be prefixed with 'unix:'. If this option is not
specified, the listening socket, if one is created, will be placed in the
abstract namespace.
- -b TIMEOUT, --bus-activation-timeout=TIMEOUT
- Behave as a bus-activated service: if there are no certificates to be
monitored or obtained, and no requests are received within TIMEOUT
seconds, exit. Not compatible with the -c option.
- -B, --no-bus-activation-timeout
- Don't behave as a bus-activated service. This is the default.
- -n, --nofork
- Don't fork, and log messages to stderr rather than syslog.
- -f, --fork
- Do fork, and log messages to syslog rather than stderr. This is the
default.
- -d LEVEL, --debug-level=LEVEL
- Set debugging level. Higher values produce more debugging output. Implies
-n.
- -p FILE, --pidfile=FILE
- Store the daemon's process ID in the named file.
- -F, --fips
- Force NSS to be initialized in FIPS mode. The default behavior is to heed
the setting stored in /proc/sys/crypto/fips_enabled.
- -c COMMAND, --command=COMMAND
- After the service has initialized, run the specified command, then shut
down the service after the command exits. If the -l or -L option was also
specified, the command will be run with the CERTMONGER_PVT_ADDRESS
environment variable set to the listening socket's location. Not
compatible with the -b option.
- -v, --version
- Print version information and exit.
The set of certificates being monitored or signed is tracked using
files stored under /var/lib/certmonger/requests, or in a directory
named by the CERTMONGER_REQUESTS_DIR environment variable.
The set of known CAs is tracked using files stored under
/var/lib/certmonger/cas, or in a directory named by the
CERTMONGER_CAS_DIR environment variable.
Temporary files will be stored in
"/run/certmonger", or in the directory named by the
CERTMONGER_TMPDIR environment variable if that value was not given at
compile time.
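An isolated one-shot run that combines -n, -L, -P and -c with the CERTMONGER_REQUESTS_DIR, CERTMONGER_CAS_DIR and CERTMONGER_TMPDIR variables described above, so the daemon never connects to a bus or touches /var/lib/certmonger. This is an added example, not part of the certmonger manual or project. The helper names (pvt_address, check_opts, run_isolated), the script name and the scratch-directory layout are assumptions, as is getcert(1) connecting to the address in CERTMONGER_PVT_ADDRESS.

```shell
#!/bin/sh
# Added example (not from the certmonger project): one-shot daemon on a
# private socket with throwaway state, using only options documented above.

# Address form that -P yields: a leading '/' selects unix:path=, anything
# else is prefixed with unix: as given.
pvt_address() {
    case "$1" in
        /*) printf 'unix:path=%s\n' "$1" ;;
        *)  printf 'unix:%s\n' "$1" ;;
    esac
}

# Naive scan for the one combination the page calls incompatible: -b with -c.
check_opts() {
    has_b=0 has_c=0
    for arg in "$@"; do
        case "$arg" in
            -b|--bus-activation-timeout=*) has_b=1 ;;
            -c|--command=*) has_c=1 ;;
        esac
    done
    [ "$has_b" -eq 0 ] || [ "$has_c" -eq 0 ]
}

# Run COMMAND ($1) against a daemon that skips the bus (-L), stays in the
# foreground (-n) and keeps requests, CAs and temp files in a scratch dir.
run_isolated() {
    state=$(mktemp -d) || return 1          # mktemp -d creates it mode 0700
    mkdir "$state/requests" "$state/cas" "$state/tmp" || return 1
    set -- -n -L -P "$state/sock" -c "$1"
    check_opts "$@" || return 2
    echo "private socket: $(pvt_address "$state/sock")" >&2
    CERTMONGER_REQUESTS_DIR="$state/requests" \
    CERTMONGER_CAS_DIR="$state/cas" \
    CERTMONGER_TMPDIR="$state/tmp" \
        certmonger "$@"
    rc=$?
    rm -rf "$state"                         # scratch state is discarded
    return "$rc"
}

# Usage: sh isolated-certmonger.sh 'getcert list'
if [ "$#" -gt 0 ]; then
    run_isolated "$1"
fi
```

Because the socket lives inside a mode-0700 directory and -L accepts only clients running under the same UID, nothing outside the invoking account can reach this instance.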
Please file tickets for any bugs that you find at
https://fedorahosted.org/certmonger/
getcert(1) getcert-add-ca(1)
getcert-add-scep-ca(1) getcert-list-cas(1)
getcert-list(1) getcert-modify-ca(1)
getcert-refresh-ca(1) getcert-refresh(1)
getcert-rekey(1) getcert-remove-ca(1)
getcert-request(1) getcert-resubmit(1)
getcert-start-tracking(1) getcert-status(1)
getcert-stop-tracking(1) certmonger-certmaster-submit(8)
certmonger-dogtag-ipa-renew-agent-submit(8)
certmonger-dogtag-submit(8) certmonger-ipa-submit(8)
certmonger-local-submit(8) certmonger-scep-submit(8)
certmonger_selinux(8)