Scroll to navigation

CERTMONGER(1) General Commands Manual CERTMONGER(1)

NAME

getcert

SYNOPSIS

getcert list [options]

DESCRIPTION

Queries certmonger for a list of certificates which it is monitoring or attempting to obtain.

ENROLLMENT OPTIONS

List only entries which use the specified CA. The name of the CA should correspond to one listed by getcert list-cas.

LISTING OPTIONS

List only entries which are either currently being enrolled or refreshed.
List only entries which are not currently being enrolled or refreshed.
Display timestamps in UTC instead of local time.

List only entries which use an NSS database in the specified directory for storing the certificate.
List only tracking requests which use an NSS database and the specified nickname for storing the certificate.
List only tracking requests which specify that the certificate should be stored in the specified file.
List only tracking requests which use this request nickname.

STATES

The service is about to generate a new key pair.
The service is currently generating a new key pair.
The service encountered a filesystem permission error while attempting to save the newly-generated key pair.
The service is missing the PIN which is required to access an NSS database in order to save the newly-generated key pair, or it has an incorrect PIN for a database.
The service was unable to find a suitable token to use for generating the new key pair.
The service has successfully generated a new key pair.
The service needs to read information about the key pair.
The service is currently reading information about the key pair.
The service is missing the PIN which is required to access an NSS database in order to read information about the newly-generated key pair, or it has an incorrect PIN for a database, or has an incorrect password for accessing a key stored in encrypted PEM format.
The service was unable to find the token in which the key pair is supposed to be stored.
The service has successfully read information about the key pair.
The service is about to generate a new signing request.
The service is generating a signing request.
The service is missing the PIN which is required to access an NSS database in order to use the key pair, or it has an incorrect PIN for a database, or has an incorrect password for reading a key stored in encrypted PEM format.
The service was unable to find the token in which the key pair is supposed to be stored.
The service has successfully generated a signing request.
The service is about to generate data specifically needed for connecting to a CA using SCEP.
The service is generating data specifically needed for connecting to a CA using SCEP.
The service is missing the PIN which is required to access an NSS database in order to use the key pair, or it has an incorrect PIN for a database, or has an incorrect password for reading a key stored in encrypted PEM format.
The service was unable to find the token in which the key pair is supposed to be stored.
The service is waiting until it can retrieve a copy of the CA's certificate before it can generate data required for connecting to the CA using SCEP.
The CA should be contacted using SCEP, but SCEP requires the client key pair to be an RSA key pair, and it is not.
The service has successfully generated data for use in SCEP.
The service is about to submit a signing request to a CA for signing.
The service is currently submitting a signing request to a CA for signing.
The service can't submit a request to a CA because it doesn't know which CA to use.
The service was unable to contact the CA, but it will try again later.
The service is missing configuration which will be needed in order to successfully contact the CA.
The CA rejected the signing request.
The CA has not yet approved or rejected the request. The service will check on the status of the request later.
The CA approved the signing request, and the service is about to save the issued certificate to the location where it has been told to save it.
The service is running a configured pre-saving command before saving the newly-issued certificate to the location where it has been told to save it.
The service is starting to save the issued certificate to the location where it has been told to save it.
The service is attempting to save the issued certificate to the location where it has been told to save it.
The service encountered a filesystem permission error while attempting to save the newly-issued certificate to the location where it has been told to save it.
The service is unable to find the token in which the newly-issued certificate is to be stored.
The service is missing the PIN which is required to access an NSS database in order to save the newly-issued certificate to the location where it has been told to save it.
The service is about to save the certificate of the issuing CA to the locations where it has been told to save them.
The service is starting to save the certificate of the issuing CA to the locations where it has been told to save them.
The service is saving the certificate of the issuing CA to the locations where it has been told to save them.
The service is about to save the certificate of the issuing CA to the locations where it has been told to save them.
The service is starting to save the certificate of the issuing CA to the locations where it has been told to save them.
The service is saving the certificate of the issuing CA to the locations where it has been told to save them.
NEED_ONLY_CA_CERT_SAVE_PERMS The service encountered a filesystem permission error while attempting to save the certificate of the issuing CA to the locations where it has been told to save them.
The service is about to read the issued certificate from the location where it has been told to save it.
The service is reading the issued certificate from the location where it has been told to save it.
The service has finished finished saving the issued certificate and the issuer's certificate to the locations where it has been told to save them.
The service is running a configured post-saving command after saving the newly-issued certificate to the location where it has been told to save them.
The service is monitoring the certificate and waiting for its not-valid-after date to approach. This is expected to be the status most often seen.
The service is about to notify the system administrator that the certificate's not-valid-after date is approaching.
The service is notifying the system administrator that the certificate's not-valid-after date is approaching.
The service is about to notify the system administrator that the CA rejected the signing request.
The service is notifying the system administrator that the CA rejected the signing request.
The service is needs to notify the system administrator that the CA issued a certificate, but that there was a problem saving the certificate to the location where the service was told to save it.
The service is is notifying the system administrator that the CA issued a certificate, but that there was a problem saving the certificate to the location where the service was told to save it.
The service is needs to notify the system administrator that the CA issued a certificate, and the issued certificate was saved to the location where the service has been told to save it, but that there was a problem saving the CA's certificate to the locations where the service was told to save it.
The service is notifying the system administrator that the CA issued a certificate, and the issued certificate was saved to the location where the service has been told to save it, but that there was a problem saving the CA's certificate to the locations where the service was told to save it.
The service is needs to notify the system administrator that the CA issued a certificate and it has been saved to the location where the service has been told to save it.
The service is notifying the system administrator that the CA issued a certificate and it has been saved to the location where the service has been told to save it.
The service needs to notify the system administrator that there was a problem saving the CA's certificates to the specified location.
The service is notifying the system administrator that there was a problem saving the CA's certificates to the specified location.
An unhandled error was encountered while attempting to contact the CA, or there is the service has just been told to monitor a certificate which does not exist and for which it has no location specified for storing a key pair that could be used to generate a signing request to obtain one.
The service has just been told to track a certificate, or to generate a signing request to obtain one.
The service has just been told to track a certificate, or to generate a signing request to obtain one, and is about to check if there is already a key pair present.
The service has just been told to track a certificate, or to generate a signing request to obtain one, and is checking if there is already a key pair present.
The service has just been told to track a certificate, or to generate a signing request to obtain one, and was unable to check if a key pair was present because it is missing the PIN which is required to access an NSS database, or because it has an incorrect PIN for a database.
The service has just been told to track a certificate, or to generate a signing request to obtain one, and was unable to check if a key pair was present because the token which should be used for storing the key pair is not present.
The service has just been told to track a certificate, or to generate a signing request to obtain one, and is about to check if a certificate is already present in the specified location.
The service has just been told to track a certificate, or to generate a signing request to obtain one, and is checking if a certificate is already present in the specified location.
The service has just been told to track a certificate, or to generate a signing request to obtain one, and is determining its next course of action.

BUGS

Please file tickets for any that you find at https://fedorahosted.org/certmonger/

SEE ALSO

certmonger(8) getcert(1) getcert-add-ca(1) getcert-add-scep-ca(1) getcert-list-cas(1) getcert-modify-ca(1) getcert-refresh-ca(1) getcert-refresh(1) getcert-rekey(1) getcert-remove-ca(1) getcert-request(1) getcert-resubmit(1) getcert-start-tracking(1) getcert-status(1) getcert-stop-tracking(1) certmonger-certmaster-submit(8) certmonger-dogtag-ipa-renew-agent-submit(8) certmonger-dogtag-submit(8) certmonger-ipa-submit(8) certmonger-local-submit(8) certmonger-scep-submit(8) certmonger_selinux(8)

June 28, 2016 certmonger Manual