certmonger(8)

1certmonger(8)               System Manager's Manual              certmonger(8)
2
3
4

NAME

6       certmonger
7
8

SYNOPSIS

10       certmonger  [-s|-S]  [-L|-l]  [-P  SOCKET]  [-b TIMEOUT|-B] [-n|-f] [-d
11       LEVEL] [-p FILE] [-F] [-C cmd]
12
13

DESCRIPTION

15       The certmonger daemon monitors certificates for  impending  expiration,
16       and  can  optionally  refresh  soon-to-be-expired certificates with the
17       help of a CA.  If told to, it can drive the entire  enrollment  process
18       from key generation through enrollment and refresh.
19
20       The  daemon provides a control interface via the org.fedorahosted.cert‐
21       monger service, with which client tools such as getcert(1) interact.
22
23

OPTIONS

25       -s     Listen on the session bus rather than the system bus.
26
27       -S     Listen on the system bus rather than the session bus.   This  is
28              the default.
29
30       -l     Also  listen  on  a  private socket for connections from clients
31              running under the same UID.
32
33       -L     Listen only on a private socket  for  connections  from  clients
34              running under the same UID, and skip connecting to a bus.
35
36       -P     Specify  a  location  for  the private listening socket.  If the
37              location beings with a '/' character, it will be  prefixed  with
38              'unix:path=',  otherwise  it  will be prefixed with 'unix:'.  If
39              this option is not specified, the listening socket,  if  one  is
40              created, will be placed in the abstract namespace.
41
42       -b TIMEOUT
43              Behave  as a bus-activated service: if there are no certificates
44              to be monitored or obtained, and no requests are received within
45              TIMEOUT seconds, exit.  Not compatible with the -C option.
46
47       -B     Don't behave as a bus-activated service.  This is the default.
48
49       -n     Don't fork, and log messages to stderr rather than syslog.
50
51       -f     Do fork, and log messages to syslog rather than stderr.  This is
52              the default.
53
54       -d LEVEL
55              Set debugging level.  Higher values produce more debugging  out‐
56              put.  Implies -n.
57
58       -p FILE
59              Store the daemon's process ID in the named file.
60
61       -F     Force  NSS to be initialized in FIPS mode.  The default behavior
62              is to heed the setting stored in /proc/sys/crypto/fips_enabled.
63
64       -C cmd After the service has initialized, run  the  specified  command,
65              then  shut  down the service after the command exits.  If the -l
66              or -L option was also specified, the command will  be  run  with
67              the  CERTMONGER_PVT_ADDRESS environment variable set to the lis‐
68              tening socket's location.  Not compatible with the -b option.
69
70

FILES

72       The set of certificates being monitored  or  signed  is  tracked  using
73       files  stored  under  /var/lib/certmonger/requests,  or  in a directory
74       named by the CERTMONGER_REQUESTS_DIR environment variable.
75
76       The set of known CAs is tracked using files stored under /var/lib/cert‐
77       monger/cas,  or in a directory named by the CERTMONGER_CAS_DIR environ‐
78       ment variable.
79
80       Temporary files will be stored  in  "/var/run/certmonger",  or  in  the
81       directory  named  by the CERTMONGER_TMPDIR environment variable if that
82       value was not given at compile time.
83
84

BUGS

86       Please  file  tickets  for  any  that  you  find   at   https://fedora‐
87       hosted.org/certmonger/
88
89

NAME

SYNOPSIS

DESCRIPTION

OPTIONS

FILES

BUGS

SEE ALSO