1certmonger(1)               General Commands Manual              certmonger(1)
2
3
4

NAME

6       getcert
7
8

SYNOPSIS

10       getcert list [options]
11
12

DESCRIPTION

14       Queries certmonger for a list of certificates which it is monitoring or
15       attempting to obtain.
16
17

ENROLLMENT OPTIONS

19       -c NAME
20              List only entries which use the specified CA.  The name  of  the
21              CA should correspond to one listed by getcert list-cas.
22
23

LISTING OPTIONS

25       -r     List  only  entries which are either currently being enrolled or
26              refreshed.
27
28       -t     List only entries which are  not  currently  being  enrolled  or
29              refreshed.
30
31       -u|--utc
32              Display timestamps in UTC instead of local time.
33
34
35       -d DIR List  only  entries  which  use an NSS database in the specified
36              directory for storing the certificate.
37
38       -n NAME
39              List only tracking requests which use an NSS  database  and  the
40              specified nickname for storing the certificate.
41
42       -f FILE
43              List  only  tracking requests which specify that the certificate
44              should be stored in the specified file.
45
46       -i NAME
47              List only tracking requests which use this request nickname.
48
49

STATES

51       NEED_KEY_PAIR
52              The service is about to generate a new key pair.
53
54       GENERATING_KEY_PAIR
55              The service is currently generating a new key pair.
56
57       NEED_KEY_GEN_PERMS
58              The service encountered  a  filesystem  permission  error  while
59              attempting to save the newly-generated key pair.
60
61       NEED_KEY_GEN_PIN
62              The  service  is  missing the PIN which is required to access an
63              NSS database in order to save the newly-generated key  pair,  or
64              it has an incorrect PIN for a database.
65
66       NEED_KEY_GEN_TOKEN
67              The  service was unable to find a suitable token to use for gen‐
68              erating the new key pair.
69
70       HAVE_KEY_PAIR
71              The service has successfully generated a new key pair.
72
73       NEED_KEYINFO
74              The service needs to read information about the key pair.
75
76       READING_KEYINFO
77              The service is currently reading information about the key pair.
78
79       NEED_KEYINFO_READ_PIN
80              The service is missing the PIN which is required  to  access  an
81              NSS database in order to read information about the newly-gener‐
82              ated key pair, or it has an incorrect PIN for a database, or has
83              an  incorrect  password  for accessing a key stored in encrypted
84              PEM format.
85
86       NEED_KEYINFO_READ_TOKEN
87              The service was unable to find the token in which the  key  pair
88              is supposed to be stored.
89
90       HAVE_KEYINFO
91              The  service  has  successfully  read  information about the key
92              pair.
93
94       NEED_CSR
95              The service is about to generate a new signing request.
96
97       GENERATING_CSR
98              The service is generating a signing request.
99
100       NEED_CSR_GEN_PIN
101              The service is missing the PIN which is required  to  access  an
102              NSS  database  in order to use the key pair, or it has an incor‐
103              rect PIN for a database, or has an incorrect password for  read‐
104              ing a key stored in encrypted PEM format.
105
106       NEED_CSR_GEN_TOKEN
107              The  service  was unable to find the token in which the key pair
108              is supposed to be stored.
109
110       HAVE_CSR
111              The service has successfully generated a signing request.
112
113       NEED_SCEP_DATA
114              The service is about to generate data  specifically  needed  for
115              connecting to a CA using SCEP.
116
117       GENERATING_SCEP_DATA
118              The  service is generating data specifically needed for connect‐
119              ing to a CA using SCEP.
120
121       NEED_SCEP_GEN_PIN
122              The service is missing the PIN which is required  to  access  an
123              NSS  database  in order to use the key pair, or it has an incor‐
124              rect PIN for a database, or has an incorrect password for  read‐
125              ing a key stored in encrypted PEM format.
126
127       NEED_SCEP_GEN_TOKEN
128              The  service  was unable to find the token in which the key pair
129              is supposed to be stored.
130
131       NEED_SCEP_ENCRYPTION_CERT
132              The service is waiting until it can retrieve a copy of the  CA's
133              certificate  before it can generate data required for connecting
134              to the CA using SCEP.
135
136       NEED_SCEP_RSA_CLIENT_KEY
137              The CA should be contacted using SCEP,  but  SCEP  requires  the
138              client key pair to be an RSA key pair, and it is not.
139
140       HAVE_SCEP_DATA
141              The service has successfully generated data for use in SCEP.
142
143       NEED_TO_SUBMIT
144              The  service  is  about  to submit a signing request to a CA for
145              signing.
146
147       SUBMITTING
148              The service is currently submitting a signing request  to  a  CA
149              for signing.
150
151       NEED_CA
152              The  service  can't  submit a request to a CA because it doesn't
153              know which CA to use.
154
155       CA_UNREACHABLE
156              The service was unable to contact the CA, but it will try  again
157              later.
158
159       CA_UNCONFIGURED
160              The  service  is  missing  configuration which will be needed in
161              order to successfully contact the CA.
162
163       CA_REJECTED
164              The CA rejected the signing request.
165
166       CA_WORKING
167              The CA has not yet approved or rejected the request.   The  ser‐
168              vice will check on the status of the request later.
169
170       NEED_TO_SAVE_CERT
171              The CA approved the signing request, and the service is about to
172              save the issued certificate to the location where  it  has  been
173              told to save it.
174
175       PRE_SAVE_CERT
176              The  service  is  running a configured pre-saving command before
177              saving the newly-issued certificate to the location where it has
178              been told to save it.
179
180       START_SAVING_CERT
181              The  service  is  starting to save the issued certificate to the
182              location where it has been told to save it.
183
184       SAVING_CERT
185              The service is attempting to save the issued certificate to  the
186              location where it has been told to save it.
187
188       NEED_CERTSAVE_PERMS
189              The  service  encountered  a  filesystem  permission error while
190              attempting to save the newly-issued certificate to the  location
191              where it has been told to save it.
192
193       NEED_CERTSAVE_TOKEN
194              The  service  is  unable  to  find the token in which the newly-
195              issued certificate is to be stored.
196
197       NEED_CERTSAVE_PIN
198              The service is missing the PIN which is required  to  access  an
199              NSS  database  in  order to save the newly-issued certificate to
200              the location where it has been told to save it.
201
202       NEED_TO_SAVE_CA_CERTS
203              The service is about to save the certificate of the  issuing  CA
204              to the locations where it has been told to save them.
205
206       START_SAVING_CA_CERTS
207              The  service  is starting to save the certificate of the issuing
208              CA to the locations where it has been told to save them.
209
210       SAVING_CA_CERTS
211              The service is saving the certificate of the issuing CA  to  the
212              locations where it has been told to save them.
213
214       NEED_TO_SAVE_ONLY_CA_CERTS
215              The  service  is about to save the certificate of the issuing CA
216              to the locations where it has been told to save them.
217
218       START_SAVING_ONLY_CA_CERTS
219              The service is starting to save the certificate of  the  issuing
220              CA to the locations where it has been told to save them.
221
222       SAVING_ONLY_CA_CERTS
223              The  service  is saving the certificate of the issuing CA to the
224              locations where it has been told to save them.
225
226       NEED_CA_CERT_SAVE_PERMS
227              NEED_ONLY_CA_CERT_SAVE_PERMS The service encountered a  filesys‐
228              tem permission error while attempting to save the certificate of
229              the issuing CA to the locations where it has been told  to  save
230              them.
231
232       NEED_TO_READ_CERT
233              The  service  is  about  to read the issued certificate from the
234              location where it has been told to save it.
235
236       READING_CERT
237              The service is reading the issued certificate from the  location
238              where it has been told to save it.
239
240       SAVED_CERT
241              The  service has finished finished saving the issued certificate
242              and the issuer's certificate to the locations where it has  been
243              told to save them.
244
245       POST_SAVED_CERT
246              The  service  is  running a configured post-saving command after
247              saving the newly-issued certificate to the location where it has
248              been told to save them.
249
250       MONITORING
251              The  service  is  monitoring the certificate and waiting for its
252              not-valid-after date to approach.  This is expected  to  be  the
253              status most often seen.
254
255       NEED_TO_NOTIFY_VALIDITY
256              The service is about to notify the system administrator that the
257              certificate's not-valid-after date is approaching.
258
259       NOTIFYING_VALIDITY
260              The service is notifying the system administrator that the  cer‐
261              tificate's not-valid-after date is approaching.
262
263       NEED_TO_NOTIFY_REJECTION
264              The service is about to notify the system administrator that the
265              CA rejected the signing request.
266
267       NOTIFYING_REJECTION
268              The service is notifying the system administrator  that  the  CA
269              rejected the signing request.
270
271       NEED_TO_NOTIFY_ISSUED_SAVE_FAILED
272              The service is needs to notify the system administrator that the
273              CA issued a certificate, but that there was a problem saving the
274              certificate  to  the location where the service was told to save
275              it.
276
277       NOTIFYING_ISSUED_SAVE_FAILED
278              The service is is notifying the system administrator that the CA
279              issued  a  certificate,  but that there was a problem saving the
280              certificate to the location where the service was told  to  save
281              it.
282
283       NEED_TO_NOTIFY_ISSUED_CA_SAVE_FAILED
284              The service is needs to notify the system administrator that the
285              CA issued a certificate, and the issued certificate was saved to
286              the  location  where  the  service has been told to save it, but
287              that there was a problem saving  the  CA's  certificate  to  the
288              locations where the service was told to save it.
289
290       NOTIFYING_ISSUED_CA_SAVE_FAILED
291              The  service  is  notifying the system administrator that the CA
292              issued a certificate, and the issued certificate  was  saved  to
293              the  location  where  the  service has been told to save it, but
294              that there was a problem saving  the  CA's  certificate  to  the
295              locations where the service was told to save it.
296
297       NEED_TO_NOTIFY_ISSUED_SAVED
298              The service is needs to notify the system administrator that the
299              CA issued a certificate and it has been saved  to  the  location
300              where the service has been told to save it.
301
302       NOTIFYING_ISSUED_SAVED
303              The  service  is  notifying the system administrator that the CA
304              issued a certificate and it has been saved to the location where
305              the service has been told to save it.
306
307       NEED_TO_NOTIFY_ONLY_CA_SAVE_FAILED
308              The  service needs to notify the system administrator that there
309              was a problem saving the  CA's  certificates  to  the  specified
310              location.
311
312       NOTIFYING_ONLY_CA_SAVE_FAILED
313              The service is notifying the system administrator that there was
314              a problem saving the CA's certificates to  the  specified  loca‐
315              tion.
316
317       NEED_GUIDANCE
318              An  unhandled  error was encountered while attempting to contact
319              the CA, or there is the service has just been told to monitor  a
320              certificate  which  does not exist and for which it has no loca‐
321              tion specified for storing a key pair that could be used to gen‐
322              erate a signing request to obtain one.
323
324       NEWLY_ADDED
325              The  service  has  just  been told to track a certificate, or to
326              generate a signing request to obtain one.
327
328       NEWLY_ADDED_START_READING_KEYINFO
329              The service has just been told to track  a  certificate,  or  to
330              generate  a signing request to obtain one, and is about to check
331              if there is already a key pair present.
332
333       NEWLY_ADDED_READING_KEYINFO
334              The service has just been told to track  a  certificate,  or  to
335              generate  a  signing  request  to obtain one, and is checking if
336              there is already a key pair present.
337
338       NEWLY_ADDED_NEED_KEYINFO_READ_PIN
339              The service has just been told to track  a  certificate,  or  to
340              generate  a  signing  request  to  obtain one, and was unable to
341              check if a key pair was present because it is  missing  the  PIN
342              which  is  required to access an NSS database, or because it has
343              an incorrect PIN for a database.
344
345       NEWLY_ADDED_NEED_KEYINFO_READ_TOKEN
346              The service has just been told to track  a  certificate,  or  to
347              generate  a  signing  request  to  obtain one, and was unable to
348              check if a key pair was present because the token  which  should
349              be used for storing the key pair is not present.
350
351       NEWLY_ADDED_START_READING_CERT
352              The  service  has  just  been told to track a certificate, or to
353              generate a signing request to obtain one, and is about to  check
354              if a certificate is already present in the specified location.
355
356       NEWLY_ADDED_READING_CERT
357              The  service  has  just  been told to track a certificate, or to
358              generate a signing request to obtain one, and is checking  if  a
359              certificate is already present in the specified location.
360
361       NEWLY_ADDED_DECIDING
362              The  service  has  just  been told to track a certificate, or to
363              generate a signing request to obtain one, and is determining its
364              next course of action.
365
366

BUGS

368       Please   file   tickets  for  any  that  you  find  at  https://fedora
369       hosted.org/certmonger/
370
371

SEE ALSO

373       certmonger(8)   getcert(1)   getcert-add-ca(1)   getcert-add-scep-ca(1)
374       getcert-list-cas(1) getcert-modify-ca(1) getcert-refresh-ca(1) getcert-
375       refresh(1)  getcert-rekey(1)  getcert-remove-ca(1)   getcert-request(1)
376       getcert-resubmit(1)     getcert-start-tracking(1)     getcert-status(1)
377       getcert-stop-tracking(1)  certmonger-certmaster-submit(8)   certmonger-
378       dogtag-ipa-renew-agent-submit(8)  certmonger-dogtag-submit(8)  certmon‐
379       ger-ipa-submit(8) certmonger-local-submit(8)  certmonger-scep-submit(8)
380       certmonger_selinux(8)
381
382
383
384certmonger Manual                28 June 2016                    certmonger(1)
Impressum