.TH CERTMONGER 8 "June 7, 2010" "certmonger Manual"

.SH NAME
certmaster\-submit

.SH SYNOPSIS
certmaster\-submit [\-h HOST] [\-c FILE] [\-C DIR] [\-v] [csrfile]

.SH DESCRIPTION
\fIcertmaster\-submit\fR is the helper which \fIcertmonger\fR uses to make
requests to certmaster\-based CAs.  It is not normally run interactively,
but it can be for troubleshooting purposes.  The signing request which is
to be submitted should either be in a file whose name is given as an argument,
or fed into \fIcertmaster\-submit\fR via stdin.

There is no standard authenticated method for obtaining the root certificate
from certmaster CAs, so \fBcertmonger\fR does not support retrieving trust
information from them.

.SH OPTIONS
.TP
\fB\-h\fR \fIHOST\fR, \fB\-\-server\-host\fR=\fIHOST\fR
Submit the request to the certmaster instance running on the named host.  The
default is \fIlocalhost:51235\fR if a file named \fB/var/run/certmaster.pid\fR
is found on the local system, and is read from \fB/etc/certmaster/minion.conf\fR
if that file is not found.
.TP
\fB\-c\fR \fIFILE\fR, \fB\-\-cafile\fR=\fIFILE\fR
Submit the request over HTTPS instead of HTTP, and only trust the server
if its certificate was issued by the CA whose certificate is in the named file.
.TP
\fB\-C\fR \fIDIR\fR, \fB\-\-capath\fR=\fIDIR\fR
Submit the request over HTTPS instead of HTTP, and only trust the server
if its certificate was issued by a CA whose certificate is in a file in
the named directory.
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Be verbose about errors.  Normally, the details of an error received from
the daemon will be suppressed if the client can make a diagnostic suggestion.
.SH EXIT STATUS
.TP
0
if the certificate was issued. The certificate will be printed.
.TP
1
if the CA is still thinking.  A cookie value will be printed.
.TP
2
if the CA rejected the request.  An error message may be printed.
.TP
3
if the CA was unreachable.  An error message may be printed.
.TP
4
if critical configuration information is missing.  An error message may be printed.

.SH FILES
.TP
.I /var/run/certmaster.pid
the certmaster service's PID file.  Its presence is taken to indicate that this
system is a CA, and that requests should be submitted to a certmaster server
running on the local system.
.TP
.I /etc/certmaster/minion.conf
the certmaster minion configuration file.  If there is no indication that the
local system is a certmaster server, then this file is consulted to determine
the location of the certmaster server.

.SH KNOWN BUGS
Checking for the existence of certmaster's PID file is a terrible way to
figure out whether we're a minion or not.

.SH BUGS
Please file tickets for any that you find at https://fedorahosted.org/certmonger/

.SH SEE ALSO
\fBcertmonger\fR(8)
\fBgetcert\fR(1)
\fBgetcert\-add\-ca\fR(1)
\fBgetcert\-add\-scep\-ca\fR(1)
\fBgetcert\-list\-cas\fR(1)
\fBgetcert\-list\fR(1)
\fBgetcert\-modify\-ca\fR(1)
\fBgetcert\-refresh\-ca\fR(1)
\fBgetcert\-refresh\fR(1)
\fBgetcert\-rekey\fR(1)
\fBgetcert\-remove\-ca\fR(1)
\fBgetcert\-resubmit\fR(1)
\fBgetcert\-start\-tracking\fR(1)
\fBgetcert\-status\fR(1)
\fBgetcert\-stop\-tracking\fR(1)
\fBcertmonger\-dogtag\-ipa\-renew\-agent\-submit\fR(8)
\fBcertmonger\-dogtag\-submit\fR(8)
\fBcertmonger\-ipa\-submit\fR(8)
\fBcertmonger\-local\-submit\fR(8)
\fBcertmonger\-scep\-submit\fR(8)
\fBcertmonger_selinux\fR(8)