.TH certmonger 8 "7 June 2010" "certmonger Manual"

.SH NAME
certmaster-submit

.SH SYNOPSIS
certmaster-submit [-h serverHost] [-c cafile] [-C capath] [csrfile]

.SH DESCRIPTION
\fIcertmaster-submit\fR is the helper which \fIcertmonger\fR uses to make
requests to certmaster-based CAs.  It is not normally run interactively,
but it can be for troubleshooting purposes.  The signing request which is
to be submitted should either be in a file whose name is given as an argument,
or fed into \fIcertmaster-submit\fR via stdin.

There is no standard authenticated method for obtaining the root certificate
from certmaster CAs, so \fBcertmonger\fR does not support retrieving trust
information from them.

.SH OPTIONS
.TP
\fB\-h\fR serverHost
Submit the request to the certmaster instance running on the named host.  The
default is \fIlocalhost:51235\fR if a file named \fB/var/run/certmaster.pid\fR
is found on the local system, and is read from \fB/etc/certmaster/minion.conf\fR
if that file is not found.
.TP
\fB\-c\fR cafile
Submit the request over HTTPS instead of HTTP, and only trust the server
if its certificate was issued by the CA whose certificate is in the named file.
.TP
\fB\-C\fR capath
Submit the request over HTTPS instead of HTTP, and only trust the server
if its certificate was issued by a CA whose certificate is in a file in
the named directory.

.SH EXIT STATUS
.TP
0
if the certificate was issued. The certificate will be printed.
.TP
1
if the CA is still thinking.  A cookie value will be printed.
.TP
2
if the CA rejected the request.  An error message may be printed.
.TP
3
if the CA was unreachable.  An error message may be printed.
.TP
4
if critical configuration information is missing.  An error message may be printed.

.SH FILES
.TP
.I /var/run/certmaster.pid
the certmaster service's PID file.  Its presence is taken to indicate that this
system is a CA, and that requests should be submitted to a certmaster server
running on the local system.
.TP
.I /etc/certmaster/minion.conf
the certmaster minion configuration file.  If there is no indication that the
local system is a certmaster server, then this file is consulted to determine
the location of the certmaster server.

.SH KNOWN BUGS
Checking for the existence of certmaster's PID file is a terrible way to
figure out whether we're a minion or not.

.SH BUGS
Please file tickets for any that you find at https://fedorahosted.org/certmonger/

.SH SEE ALSO
\fBcertmonger\fR(8)
\fBgetcert\fR(1)
\fBgetcert-add-ca\fR(1)
\fBgetcert-add-scep-ca\fR(1)
\fBgetcert-list-cas\fR(1)
\fBgetcert-list\fR(1)
\fBgetcert-modify-ca\fR(1)
\fBgetcert-refresh-ca\fR(1)
\fBgetcert-refresh\fR(1)
\fBgetcert-rekey\fR(1)
\fBgetcert-remove-ca\fR(1)
\fBgetcert-resubmit\fR(1)
\fBgetcert-start-tracking\fR(1)
\fBgetcert-status\fR(1)
\fBgetcert-stop-tracking\fR(1)
\fBcertmonger-dogtag-ipa-renew-agent-submit\fR(8)
\fBcertmonger-dogtag-submit\fR(8)
\fBcertmonger-ipa-submit\fR(8)
\fBcertmonger-local-submit\fR(8)
\fBcertmonger-scep-submit\fR(8)
\fBcertmonger_selinux\fR(8)