Scroll to navigation

CERTMONGER(8) System Manager's Manual CERTMONGER(8)




certmaster-submit [-h HOST] [-c FILE] [-C DIR] [-v] [csrfile]


certmaster-submit is the helper which certmonger uses to make requests to certmaster-based CAs. It is not normally run interactively, but it can be for troubleshooting purposes. The signing request which is to be submitted should either be in a file whose name is given as an argument, or fed into certmaster-submit via stdin.

There is no standard authenticated method for obtaining the root certificate from certmaster CAs, so certmonger does not support retrieving trust information from them.


-h HOST, --server-host=HOST
Submit the request to the certmaster instance running on the named host. The default is localhost:51235 if a file named /var/run/ is found on the local system, and is read from /etc/certmaster/minion.conf if that file is not found.
-c FILE, --cafile=FILE
Submit the request over HTTPS instead of HTTP, and only trust the server if its certificate was issued by the CA whose certificate is in the named file.
-C DIR, --capath=DIR
Submit the request over HTTPS instead of HTTP, and only trust the server if its certificate was issued by a CA whose certificate is in a file in the named directory.
-v, --verbose
Be verbose about errors. Normally, the details of an error received from the daemon will be suppressed if the client can make a diagnostic suggestion.


if the certificate was issued. The certificate will be printed.
if the CA is still thinking. A cookie value will be printed.
if the CA rejected the request. An error message may be printed.
if the CA was unreachable. An error message may be printed.
if critical configuration information is missing. An error message may be printed.


the certmaster service's PID file. Its presence is taken to indicate that this system is a CA, and that requests should be submitted to a certmaster server running on the local system.
the certmaster minion configuration file. If there is no indication that the local system is a certmaster server, then this file is consulted to determine the location of the certmaster server.


Checking for the existence of certmaster's PID file is a terrible way to figure out whether we're a minion or not.


Please file tickets for any that you find at


certmonger(8) getcert(1) getcert-add-ca(1) getcert-add-scep-ca(1) getcert-list-cas(1) getcert-list(1) getcert-modify-ca(1) getcert-refresh-ca(1) getcert-refresh(1) getcert-rekey(1) getcert-remove-ca(1) getcert-resubmit(1) getcert-start-tracking(1) getcert-status(1) getcert-stop-tracking(1) certmonger-dogtag-ipa-renew-agent-submit(8) certmonger-dogtag-submit(8) certmonger-ipa-submit(8) certmonger-local-submit(8) certmonger-scep-submit(8) certmonger_selinux(8)
June 7, 2010 certmonger Manual