1certmonger(1)               General Commands Manual              certmonger(1)
2
3
4

NAME

6       getcert
7
8

SYNOPSIS

10       getcert resubmit [options]
11
12

DESCRIPTION

14       Tells certmonger to generate (or regenerate) a signing request and sub‐
15       mit (or resubmit) the signing request to a CA for signing.
16
17

SPECIFYING REQUESTS BY NICKNAME

19       -i NAME
20              Resubmit a signing request for the tracking  request  which  has
21              this  nickname.  If this option is not specified, and a tracking
22              entry which matches the  key  and  certificate  storage  options
23              which are specified already exists, that entry will be used.  If
24              not specified, the location of the certificate should be  speci‐
25              fied with either a combination of the -d and -n options, or with
26              the -f option.
27
28

SPECIFYING REQUESTS BY CERTIFICATE LOCATION

30       -d DIR The certificate is in the NSS database in the  specified  direc‐
31              tory.
32
33       -n NAME
34              The certificate in the NSS database named with -d has the speci‐
35              fied nickname.  Only valid with -d.
36
37       -t TOKEN
38              If the NSS database has more than one token available, the  cer‐
39              tificate  is  stored  in  this token.  This argument only rarely
40              needs to be specified.  Only valid with -d.
41
42       -f FILE
43              The certificate is stored in the named file.
44
45

ENROLLMENT OPTIONS

47       -c NAME
48              Submit the new signing request to the specified CA  rather  than
49              the  one  which was previously associated with this certificate.
50              The name of the CA should correspond to one  listed  by  getcert
51              list-cas.
52
53       -T NAME
54              Request  a  certificate  using  the  named profile, template, or
55              certtype, from the specified CA.
56
57       -I NAME
58              Assign the specified nickname to this task, replacing the previ‐
59              ous nickname.
60
61

SIGNING REQUEST OPTIONS

63       -N NAME
64              Change the subject name to include in the signing request.
65
66       -u keyUsage
67              Add  an extensionRequest for the specified keyUsage to the sign‐
68              ing request.  The keyUsage value is expected to be one of  these
69              names:
70
71              digitalSignature
72
73              nonRepudiation
74
75              keyEncipherment
76
77              dataEncipherment
78
79              keyAgreement
80
81              keyCertSign
82
83              cRLSign
84
85              encipherOnly
86
87              decipherOnly
88
89       -U EKU Change  the  extendedKeyUsage  value  specified  in an extended‐
90              KeyUsage extension part of the extensionRequest attribute in the
91              signing  request.   The  EKU  value  is expected to be an object
92              identifier (OID).
93
94       -K NAME
95              Change the Kerberos principal name specified as part of  a  sub‐
96              jectAltName  extension part of the extensionRequest attribute in
97              the signing request.
98
99       -E EMAIL
100              Change the email address specified as part of  a  subjectAltName
101              extension  part of the extensionRequest attribute in the signing
102              request.
103
104       -D DNSNAME
105              Change the DNS name specified as part of a subjectAltName exten‐
106              sion  part  of  the  extensionRequest  attribute  in the signing
107              request.
108
109       -A ADDRESS
110              Change the IP address specified  as  part  of  a  subjectAltName
111              extension  part of the extensionRequest attribute in the signing
112              request.
113
114       -l FILE
115              Add an optional ChallengePassword value, read from the file,  to
116              the signing request.  A ChallengePassword is often required when
117              the CA is accessed using SCEP.
118
119       -L PIN Add the argument  value  to  the  signing  request  as  a  Chal‐
120              lengePassword  attribute.  A ChallengePassword is often required
121              when the CA is accessed using SCEP.
122
123

OTHER OPTIONS

125       -B COMMAND
126              When ever the certificate or the CA's certificates are saved  to
127              the specified locations, run the specified command as the client
128              user before saving the certificates.
129
130       -C COMMAND
131              When ever the certificate or the CA's certificates are saved  to
132              the specified locations, run the specified command as the client
133              user after saving the certificates.
134
135       -a DIR When ever the certificate is saved to the specified location, if
136              root  certificates  for  the  CA are available, save them to the
137              specified NSS database.
138
139       -F FILE
140              When ever the certificate is saved to the specified location, if
141              root  certificates  for the CA are available, and when the local
142              copies of the CA's root certificates are updated, save  them  to
143              the specified file.
144
145       -w     Wait  for  the  certificate to be reissued and saved, or for the
146              attempt to obtain one to fail.
147
148       -v     Be verbose about errors.  Normally,  the  details  of  an  error
149              received  from  the  daemon will be suppressed if the client can
150              make a diagnostic suggestion.
151
152

BUGS

154       Please  file  tickets  for  any  that  you  find   at   https://fedora
155       hosted.org/certmonger/
156
157

SEE ALSO

159       certmonger(8)   getcert(1)   getcert-add-ca(1)   getcert-add-scep-ca(1)
160       getcert-list-cas(1)   getcert-list(1)   getcert-modify-ca(1)   getcert-
161       refresh-ca(1)    getcert-refresh(1)    getcert-remove-ca(1)    getcert-
162       request(1)  getcert-start-tracking(1)  getcert-status(1)  getcert-stop-
163       tracking(1)    certmonger-certmaster-submit(8)   certmonger-dogtag-ipa-
164       renew-agent-submit(8)  certmonger-dogtag-submit(8)  certmonger-ipa-sub‐
165       mit(8)  certmonger-local-submit(8)  certmonger-scep-submit(8)  certmon‐
166       ger_selinux(8)
167
168
169
170certmonger Manual               9 February 2015                  certmonger(1)
Impressum