1certmonger(8)               System Manager's Manual              certmonger(8)
2
3
4

NAME

6       ipa-submit
7
8

SYNOPSIS

10       ipa-submit  [-h  serverHost] [-H serverURI] [-c cafile] [-C capath] [-t
11       keytab] [-k submitterPrincipal] [-P principalOfRequest] [csrfile]
12
13

DESCRIPTION

15       ipa-submit is the helper which certmonger uses to make requests to IPA-
16       based  CAs.   It  is  not normally run interactively, but it can be for
17       troubleshooting purposes.  The signing request which is to be submitted
18       should  either  be in a file whose name is given as an argument, or fed
19       into ipa-submit via stdin.
20
21

OPTIONS

23       -P csrPrincipal
24              Identifies the principal name of the service for which the  cer‐
25              tificate  is  being issued.  This setting is required by IPA and
26              must always be specified.
27
28       -h serverHost
29              Submit the request to the IPA server running on the named  host.
30              The   default   is  to  read  the  location  of  the  host  from
31              /etc/ipa/default.conf.
32
33       -H serverURI
34              Submit the request to the IPA server at the specified  location.
35              The   default   is  to  read  the  location  of  the  host  from
36              /etc/ipa/default.conf.
37
38       -c cafile
39              The server's certificate was issued by the CA whose  certificate
40              is in the named file.  The default value is /etc/ipa/ca.crt.
41
42       -C capath
43              Trust  the  server  if  its certificate was issued by a CA whose
44              certificate is in a file in the named directory.   There  is  no
45              default for this option, and it is not expected to be necessary.
46
47       -t keytab
48              Authenticate  to  the  IPA server using credentials derived from
49              keys stored in the named keytab.  The default  value  can  vary,
50              but it is usually /etc/krb5.keytab.
51
52       -k authPrincipal
53              Authenticate  to  the  IPA server using credentials derived from
54              keys stored in the named keytab for this  principal  name.   The
55              default  value  is  the  host  service for the local host in the
56              local realm.
57
58

EXIT STATUS

60       0      if the certificate was issued. The certificate will be printed.
61
62       1      if the CA is still thinking.  A cookie value will be printed.
63
64       2      if the CA  rejected  the  request.   An  error  message  may  be
65              printed.
66
67       3      if the CA was unreachable.  An error message may be printed.
68
69       4      if critical configuration information is missing.  An error mes‐
70              sage may be printed.
71
72

FILES

74       /etc/ipa/default.conf
75              is the IPA client configuration file.  This file is consulted to
76              determine the URI for the IPA server's XML-RPC interface.
77
78

BUGS

80       Please   file   tickets  for  any  that  you  find  at  https://fedora
81       hosted.org/certmonger/
82
83

SEE ALSO

85       certmonger(8) getcert(1) getcert-list(1)  getcert-list-cas(1)  getcert-
86       resubmit(1) getcert-start-tracking(1) getcert-stop-tracking(1) certmon‐
87       ger-certmaster-submit(8)
88
89
90
91certmonger Manual                 7 June 2010                    certmonger(8)
Impressum