certmonger(8) System Manager's Manual certmonger(8)

NAME
    certmonger

SYNOPSIS
    certmonger [-s|-S] [-L|-l] [-P SOCKET] [-b TIMEOUT|-B] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-C cmd]

DESCRIPTION
    The certmonger daemon monitors certificates for impending expiration,
    and can optionally refresh soon-to-be-expired certificates with the
    help of a CA. If told to, it can drive the entire enrollment process
    from key generation through enrollment and refresh.

    The daemon provides a control interface via the
    org.fedorahosted.certmonger service, with which client tools such as
    getcert(1) interact.

OPTIONS
    -s  Listen on the session bus rather than the system bus.

    -S  Listen on the system bus rather than the session bus. This is
        the default.

    -l  Also listen on a private socket for connections from clients
        running under the same UID.

    -L  Listen only on a private socket for connections from clients
        running under the same UID, and skip connecting to a bus.

    -P SOCKET
        Specify a location for the private listening socket. If the
        location begins with a '/' character, it will be prefixed with
        'unix:path=', otherwise it will be prefixed with 'unix:'. If
        this option is not specified, the listening socket, if one is
        created, will be placed in the abstract namespace.

    -b TIMEOUT
        Behave as a bus-activated service: if there are no certificates
        to be monitored or obtained, and no requests are received within
        TIMEOUT seconds, exit. Not compatible with the -C option.

    -B  Don't behave as a bus-activated service. This is the default.

    -n  Don't fork, and log messages to stderr rather than syslog.

    -f  Do fork, and log messages to syslog rather than stderr. This is
        the default.

    -d LEVEL
        Set debugging level. Higher values produce more debugging
        output. Implies -n.

    -p FILE
        Store the daemon's process ID in the named file.

    -F  Force NSS to be initialized in FIPS mode. The default behavior
        is to heed the setting stored in /proc/sys/crypto/fips_enabled.

    -C cmd
        After the service has initialized, run the specified command,
        then shut down the service after the command exits. If the -l
        or -L option was also specified, the command will be run with
        the CERTMONGER_PVT_ADDRESS environment variable set to the
        listening socket's location. Not compatible with the -b option.

FILES
    The set of certificates being monitored or signed is tracked using
    files stored under /var/lib/certmonger/requests, or in a directory
    named by the CERTMONGER_REQUESTS_DIR environment variable.

    The set of known CAs is tracked using files stored under
    /var/lib/certmonger/cas, or in a directory named by the
    CERTMONGER_CAS_DIR environment variable.

    Temporary files will be stored in "/var/run/certmonger", or in the
    directory named by the CERTMONGER_TMPDIR environment variable if that
    value was not given at compile time.

BUGS
    Please file tickets for any that you find at
    https://fedorahosted.org/certmonger/

SEE ALSO
    getcert(1) getcert-add-ca(1) getcert-add-scep-ca(1) getcert-list-cas(1)
    getcert-list(1) getcert-modify-ca(1) getcert-refresh-ca(1)
    getcert-remove-ca(1) getcert-request(1) getcert-resubmit(1)
    getcert-start-tracking(1) getcert-status(1) getcert-stop-tracking(1)
    certmonger-certmaster-submit(8)
    certmonger-dogtag-ipa-renew-agent-submit(8) certmonger-dogtag-submit(8)
    certmonger-ipa-submit(8) certmonger-local-submit(8)
    certmonger-scep-submit(8) certmonger_selinux(8)

certmonger Manual 31 October 2014 certmonger(8)