1certmonger(1) General Commands Manual certmonger(1)
2
3
4
6 getcert
7
8
10 getcert resubmit [options]
11
12
14 Tells certmonger to generate (or regenerate) a signing request and sub‐
15 mit (or resubmit) the signing request to a CA for signing.
16
17
19 -i NAME
20 Resubmit a signing request for the tracking request which has
21 this nickname. If this option is not specified, and a tracking
22 entry which matches the key and certificate storage options
23 which are specified already exists, that entry will be used. If
24 not specified, the location of the certificate should be speci‐
25 fied with either a combination of the -d and -n options, or with
26 the -f option.
27
28
30 -d DIR The certificate is in the NSS database in the specified direc‐
31 tory.
32
33 -n NAME
34 The certificate in the NSS database named with -d has the speci‐
35 fied nickname. Only valid with -d.
36
37 -t TOKEN
38 If the NSS database has more than one token available, the cer‐
39 tificate is stored in this token. This argument only rarely
40 needs to be specified. Only valid with -d.
41
42 -f FILE
43 The certificate is stored in the named file.
44
45
47 -c NAME
48 Submit the new signing request to the specified CA rather than
49 the one which was previously associated with this certificate.
50 The name of the CA should correspond to one listed by getcert
51 list-cas.
52
53 -T NAME
54 Request a certificate using the named profile, template, or
55 certtype, from the specified CA.
56
57 -I NAME
58 Assign the specified nickname to this task, replacing the previ‐
59 ous nickname.
60
61
63 -N NAME
64 Change the subject name to include in the signing request.
65
66 -u keyUsage
67 Add an extensionRequest for the specified keyUsage to the sign‐
68 ing request. The keyUsage value is expected to be one of these
69 names:
70
71 digitalSignature
72
73 nonRepudiation
74
75 keyEncipherment
76
77 dataEncipherment
78
79 keyAgreement
80
81 keyCertSign
82
83 cRLSign
84
85 encipherOnly
86
87 decipherOnly
88
89 -U EKU Change the extendedKeyUsage value specified in an extended‐
90 KeyUsage extension part of the extensionRequest attribute in the
91 signing request. The EKU value is expected to be an object
92 identifier (OID).
93
94 -K NAME
95 Change the Kerberos principal name specified as part of a sub‐
96 jectAltName extension part of the extensionRequest attribute in
97 the signing request.
98
99 -E EMAIL
100 Change the email address specified as part of a subjectAltName
101 extension part of the extensionRequest attribute in the signing
102 request.
103
104 -D DNSNAME
105 Change the DNS name specified as part of a subjectAltName exten‐
106 sion part of the extensionRequest attribute in the signing
107 request.
108
109 -A ADDRESS
110 Change the IP address specified as part of a subjectAltName
111 extension part of the extensionRequest attribute in the signing
112 request.
113
114 -l FILE
115 Add an optional ChallengePassword value, read from the file, to
116 the signing request. A ChallengePassword is often required when
117 the CA is accessed using SCEP.
118
119 -L PIN Add the argument value to the signing request as a Chal‐
120 lengePassword attribute. A ChallengePassword is often required
121 when the CA is accessed using SCEP.
122
123
125 -B COMMAND
126 When ever the certificate or the CA's certificates are saved to
127 the specified locations, run the specified command as the client
128 user before saving the certificates.
129
130 -C COMMAND
131 When ever the certificate or the CA's certificates are saved to
132 the specified locations, run the specified command as the client
133 user after saving the certificates.
134
135 -a DIR When ever the certificate is saved to the specified location, if
136 root certificates for the CA are available, save them to the
137 specified NSS database.
138
139 -F FILE
140 When ever the certificate is saved to the specified location, if
141 root certificates for the CA are available, and when the local
142 copies of the CA's root certificates are updated, save them to
143 the specified file.
144
145 -w Wait for the certificate to be reissued and saved, or for the
146 attempt to obtain one to fail.
147
148 -v Be verbose about errors. Normally, the details of an error
149 received from the daemon will be suppressed if the client can
150 make a diagnostic suggestion.
151
152
154 Please file tickets for any that you find at https://fedora‐
155 hosted.org/certmonger/
156
157
159 certmonger(8) getcert(1) getcert-add-ca(1) getcert-add-scep-ca(1)
160 getcert-list-cas(1) getcert-list(1) getcert-modify-ca(1) getcert-
161 refresh-ca(1) getcert-refresh(1) getcert-remove-ca(1) getcert-
162 request(1) getcert-start-tracking(1) getcert-status(1) getcert-stop-
163 tracking(1) certmonger-certmaster-submit(8) certmonger-dogtag-ipa-
164 renew-agent-submit(8) certmonger-dogtag-submit(8) certmonger-ipa-sub‐
165 mit(8) certmonger-local-submit(8) certmonger-scep-submit(8) certmon‐
166 ger_selinux(8)
167
168
169
170certmonger Manual 9 February 2015 certmonger(1)