1certmonger(8) System Manager's Manual certmonger(8)
2
3
4
6 certmaster-submit
7
8
10 certmaster-submit [-h serverHost] [-c cafile] [-C capath] [csrfile]
11
12
14 certmaster-submit is the helper which certmonger uses to make requests
15 to certmaster-based CAs. It is not normally run interactively, but it
16 can be for troubleshooting purposes. The signing request which is to
17 be submitted should either be in a file whose name is given as an argu‐
18 ment, or fed into certmaster-submit via stdin.
19
20 There is no standard authenticated method for obtaining the root cer‐
21 tificate from certmaster CAs, so certmonger does not support retrieving
22 trust information from them.
23
24
26 -h serverHost
27 Submit the request to the certmaster instance running on the
28 named host. The default is localhost:51235 if a file named
29 /var/run/certmaster.pid is found on the local system, and is
30 read from /etc/certmaster/minion.conf if that file is not found.
31
32 -c cafile
33 Submit the request over HTTPS instead of HTTP, and only trust
34 the server if its certificate was issued by the CA whose cer‐
35 tificate is in the named file.
36
37 -C capath
38 Submit the request over HTTPS instead of HTTP, and only trust
39 the server if its certificate was issued by a CA whose certifi‐
40 cate is in a file in the named directory.
41
42
44 0 if the certificate was issued. The certificate will be printed.
45
46 1 if the CA is still thinking. A cookie value will be printed.
47
48 2 if the CA rejected the request. An error message may be
49 printed.
50
51 3 if the CA was unreachable. An error message may be printed.
52
53 4 if critical configuration information is missing. An error mes‐
54 sage may be printed.
55
56
58 /var/run/certmaster.pid
59 the certmaster service's PID file. Its presence is taken to
60 indicate that this system is a CA, and that requests should be
61 submitted to a certmaster server running on the local system.
62
63 /etc/certmaster/minion.conf
64 the certmaster minion configuration file. If there is no indi‐
65 cation that the local system is a certmaster server, then this
66 file is consulted to determine the location of the certmaster
67 server.
68
69
71 Checking for the existence of certmaster's PID file is a terrible way
72 to figure out whether we're a minion or not.
73
74
76 Please file tickets for any that you find at https://fedora‐
77 hosted.org/certmonger/
78
79
81 certmonger(8) getcert(1) getcert-add-ca(1) getcert-add-scep-ca(1)
82 getcert-list-cas(1) getcert-list(1) getcert-modify-ca(1) getcert-
83 refresh-ca(1) getcert-remove-ca(1) getcert-resubmit(1) getcert-start-
84 tracking(1) getcert-status(1) getcert-stop-tracking(1) certmonger-dog‐
85 tag-ipa-renew-agent-submit(8) certmonger-dogtag-submit(8) certmonger-
86 ipa-submit(8) certmonger-local-submit(8) certmonger-scep-submit(8)
87 certmonger_selinux(8)
88
89
90
91certmonger Manual 7 June 2010 certmonger(8)