1certmonger(8)               System Manager's Manual              certmonger(8)
2
3
4

NAME

6       certmonger
7
8

SYNOPSIS

10       certmonger  [-s|-S]  [-L|-l]  [-P  SOCKET]  [-b TIMEOUT|-B] [-n|-f] [-d
11       LEVEL] [-p FILE] [-F] [-c cmd] [-v]
12
13

DESCRIPTION

15       The certmonger daemon monitors certificates for  impending  expiration,
16       and  can  optionally  refresh  soon-to-be-expired certificates with the
17       help of a CA.  If told to, it can drive the entire  enrollment  process
18       from key generation through enrollment and refresh.
19
20       The  daemon provides a control interface via the org.fedorahosted.cert‐
21       monger service, with which client tools such as getcert(1) interact.
22
23

OPTIONS

25       -s     Listen on the session bus rather than the system bus.
26
27       -S     Listen on the system bus rather than the session bus.   This  is
28              the default.
29
30       -l     Also  listen  on  a  private socket for connections from clients
31              running under the same UID.
32
33       -L     Listen only on a private socket  for  connections  from  clients
34              running under the same UID, and skip connecting to a bus.
35
36       -P     Specify  a  location  for  the private listening socket.  If the
37              location beings with a '/' character, it will be  prefixed  with
38              'unix:path=',  otherwise  it  will be prefixed with 'unix:'.  If
39              this option is not specified, the listening socket,  if  one  is
40              created, will be placed in the abstract namespace.
41
42       -b TIMEOUT
43              Behave  as a bus-activated service: if there are no certificates
44              to be monitored or obtained, and no requests are received within
45              TIMEOUT seconds, exit.  Not compatible with the -c option.
46
47       -B     Don't behave as a bus-activated service.  This is the default.
48
49       -n     Don't fork, and log messages to stderr rather than syslog.
50
51       -f     Do fork, and log messages to syslog rather than stderr.  This is
52              the default.
53
54       -d LEVEL
55              Set debugging level.  Higher values produce more debugging  out‐
56              put.  Implies -n.
57
58       -p FILE
59              Store the daemon's process ID in the named file.
60
61       -F     Force  NSS to be initialized in FIPS mode.  The default behavior
62              is to heed the setting stored in /proc/sys/crypto/fips_enabled.
63
64       -c cmd After the service has initialized, run  the  specified  command,
65              then  shut  down the service after the command exits.  If the -l
66              or -L option was also specified, the command will  be  run  with
67              the  CERTMONGER_PVT_ADDRESS environment variable set to the lis‐
68              tening socket's location.  Not compatible with the -b option.
69
70       -v     Print version information and exit.
71
72

FILES

74       The set of certificates being monitored  or  signed  is  tracked  using
75       files  stored  under  /var/lib/certmonger/requests,  or  in a directory
76       named by the CERTMONGER_REQUESTS_DIR environment variable.
77
78       The set of known CAs is tracked using files stored under /var/lib/cert‐
79       monger/cas,  or in a directory named by the CERTMONGER_CAS_DIR environ‐
80       ment variable.
81
82       Temporary files will be stored in "/run/certmonger", or in  the  direc‐
83       tory  named by the CERTMONGER_TMPDIR environment variable if that value
84       was not given at compile time.
85
86

BUGS

88       Please  file  tickets  for  any  that  you  find   at   https://fedora
89       hosted.org/certmonger/
90
91

SEE ALSO

93       getcert(1) getcert-add-ca(1) getcert-add-scep-ca(1) getcert-list-cas(1)
94       getcert-list(1)  getcert-modify-ca(1)  getcert-refresh-ca(1)   getcert-
95       refresh(1)   getcert-rekey(1)  getcert-remove-ca(1)  getcert-request(1)
96       getcert-resubmit(1)     getcert-start-tracking(1)     getcert-status(1)
97       getcert-stop-tracking(1)   certmonger-certmaster-submit(8)  certmonger-
98       dogtag-ipa-renew-agent-submit(8)  certmonger-dogtag-submit(8)  certmon‐
99       ger-ipa-submit(8)  certmonger-local-submit(8) certmonger-scep-submit(8)
100       certmonger_selinux(8)
101
102
103
104certmonger Manual                14 June 2015                    certmonger(8)
Impressum