NAME¶
certmonger
SYNOPSIS¶
certmonger [-s|-S] [-b TIMEOUT|-B] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-C cmd]
DESCRIPTION¶
The
certmonger daemon monitors certificates for impending expiration, and
can optionally refresh soon-to-be-expired certificates with the help of a CA.
If told to, it can drive the entire enrollment process from key generation
through enrollment and refresh.
The daemon provides a control interface via the
org.fedorahosted.certmonger service, with which client tools such as
getcert(1) interact.
OPTIONS¶
- -s
- Listen on the session bus rather than the system bus.
- -S
- Listen on the system bus rather than the session bus. This is the
default.
- -b TIMEOUT
- Behave as a bus-activated service: if there are no certificates to be
monitored or obtained, and no requests received within TIMEOUT seconds,
exit.
- -B
- Don't behave as a bus-activated service. This is the default.
- -n
- Don't fork, and log messages to stderr rather than syslog.
- -f
- Do fork, and log messages to syslog rather than stderr. This is the
default.
- -d LEVEL
- Set debugging level. Higher values produce more debugging output. Implies
-n.
- -p FILE
- Store the daemon's process ID in the named file.
- -F
- Force NSS to be initialized in FIPS mode. The default behavior is to heed
the setting stored in /proc/sys/crypto/fips_enabled.
- -C cmd
- After the service has initialized, run the specified command, then shut
down the service after the command exits.
FILES¶
The set of certificates being monitored or signed is tracked using files stored
under
/var/lib/certmonger/requests, or in a directory named by the
CERTMONGER_REQUESTS_DIR environment variable.
The set of known CAs is tracked using files stored under
/var/lib/certmonger/cas, or in a directory named by the
CERTMONGER_CAS_DIR environment variable.
Temporary files will be stored in "
/var/run/certmonger", or in
the directory named by the
CERTMONGER_TMPDIR environment variable if
that value was not given at compile time.
BUGS¶
Please file tickets for any that you find at
https://fedorahosted.org/certmonger/
SEE ALSO¶
getcert(1) getcert-list(1) getcert-list-cas(1)
getcert-refresh-ca(1) getcert-request(1)
getcert-resubmit(1) getcert-start-tracking(1)
getcert-status(1) getcert-stop-tracking(1)
certmonger-certmaster-submit(8) certmonger-ipa-submit(8)
certmonger_selinux(8)