1certmonger(1) General Commands Manual certmonger(1)
2
6 getcert
7
10 getcert list [options]
11
14 Queries certmonger for a list of certificates which it is monitoring or
15 attempting to obtain.
16
19 -c NAME
20 List only entries which use the specified CA. The name of the
21 CA should correspond to one listed by getcert list-cas.
22
25 -r List only entries which are either currently being enrolled or
26 refreshed.
27 -t List only entries which are not currently being enrolled or
29 refreshed.
30 -d DIR List only entries which use an NSS database in the specified
33 directory for storing the certificate.
34 -n NAME
36 List only tracking requests which use an NSS database and the
37 specified nickname for storing the certificate.
38 -f FILE
40 List only tracking requests which specify that the certificate
41 should be stored in the specified file.
42 -i NAME
44 List only tracking requests which use this request nickname.
45
48 NEED_KEY_PAIR
49 The service is about to generate a new key pair.
50 GENERATING_KEY_PAIR
52 The service is currently generating a new key pair.
53 NEED_KEY_GEN_PERMS
55 The service encountered a filesystem permission error while
56 attempting to save the newly-generated key pair.
57 NEED_KEY_GEN_PIN
59 The service is missing the PIN which is required to access an
60 NSS database in order to save the newly-generated key pair, or
61 it has an incorrect PIN for a database.
62 NEED_KEY_GEN_TOKEN
64 The service was unable to find a suitable token to use for gen‐
65 erating the new key pair.
66 HAVE_KEY_PAIR
68 The service has successfully generated a new key pair.
69 NEED_KEYINFO
71 The service needs to read information about the key pair.
72 READING_KEYINFO
74 The service is currently reading information about the key pair.
75 NEED_KEYINFO_READ_PIN
77 The service is missing the PIN which is required to access an
78 NSS database in order to read information about the newly-gener‐
79 ated key pair, or it has an incorrect PIN for a database, or has
80 an incorrect password for accessing a key stored in encrypted
81 PEM format.
82 NEED_KEYINFO_READ_TOKEN
84 The service was unable to find the token in which the key pair
85 is supposed to be stored.
86 HAVE_KEYINFO
88 The service has successfully read information about the key
89 pair.
90 NEED_CSR
92 The service is about to generate a new signing request.
93 GENERATING_CSR
95 The service is generating a signing request.
96 NEED_CSR_GEN_PIN
98 The service is missing the PIN which is required to access an
99 NSS database in order to use the key pair, or it has an incor‐
100 rect PIN for a database, or has an incorrect password for read‐
101 ing a key stored in encrypted PEM format.
102 NEED_CSR_GEN_TOKEN
104 The service was unable to find the token in which the key pair
105 is supposed to be stored.
106 HAVE_CSR
108 The service has successfully generated a signing request.
109 NEED_SCEP_DATA
111 The service is about to generate data specifically needed for
112 connecting to a CA using SCEP.
113 GENERATING_SCEP_DATA
115 The service is generating data specifically needed for connect‐
116 ing to a CA using SCEP.
117 NEED_SCEP_GEN_PIN
119 The service is missing the PIN which is required to access an
120 NSS database in order to use the key pair, or it has an incor‐
121 rect PIN for a database, or has an incorrect password for read‐
122 ing a key stored in encrypted PEM format.
123 NEED_SCEP_GEN_TOKEN
125 The service was unable to find the token in which the key pair
126 is supposed to be stored.
127 NEED_SCEP_ENCRYPTION_CERT
129 The service is waiting until it can retrieve a copy of the CA's
130 certificate before it can generate data required for connecting
131 to the CA using SCEP.
132 NEED_SCEP_RSA_CLIENT_KEY
134 The CA should be contacted using SCEP, but SCEP requires the
135 client key pair to be an RSA key pair, and it is not.
136 HAVE_SCEP_DATA
138 The service has successfully generated data for use in SCEP.
139 NEED_TO_SUBMIT
141 The service is about to submit a signing request to a CA for
142 signing.
143 SUBMITTING
145 The service is currently submitting a signing request to a CA
146 for signing.
147 NEED_CA
149 The service can't submit a request to a CA because it doesn't
150 know which CA to use.
151 CA_UNREACHABLE
153 The service was unable to contact the CA, but it will try again
154 later.
155 CA_UNCONFIGURED
157 The service is missing configuration which will be needed in
158 order to successfully contact the CA.
159 CA_REJECTED
161 The CA rejected the signing request.
162 CA_WORKING
164 The CA has not yet approved or rejected the request. The ser‐
165 vice will check on the status of the request later.
166 NEED_TO_SAVE_CERT
168 The CA approved the signing request, and the service is about to
169 save the issued certificate to the location where it has been
170 told to save it.
171 PRE_SAVE_CERT
173 The service is running a configured pre-saving command before
174 saving the newly-issued certificate to the location where it has
175 been told to save it.
176 START_SAVING_CERT
178 The service is starting to save the issued certificate to the
179 location where it has been told to save it.
180 SAVING_CERT
182 The service is attempting to save the issued certificate to the
183 location where it has been told to save it.
184 NEED_CERTSAVE_PERMS
186 The service encountered a filesystem permission error while
187 attempting to save the newly-issued certificate to the location
188 where it has been told to save it.
189 NEED_CERTSAVE_TOKEN
191 The service is unable to find the token in which the newly-
192 issued certificate is to be stored.
193 NEED_CERTSAVE_PIN
195 The service is missing the PIN which is required to access an
196 NSS database in order to save the newly-issued certificate to
197 the location where it has been told to save it.
198 NEED_TO_SAVE_CA_CERTS
200 The service is about to save the certificate of the issuing CA
201 to the locations where it has been told to save them.
202 START_SAVING_CA_CERTS
204 The service is starting to save the certificate of the issuing
205 CA to the locations where it has been told to save them.
206 SAVING_CA_CERTS
208 The service is saving the certificate of the issuing CA to the
209 locations where it has been told to save them.
210 NEED_TO_SAVE_ONLY_CA_CERTS
212 The service is about to save the certificate of the issuing CA
213 to the locations where it has been told to save them.
214 START_SAVING_ONLY_CA_CERTS
216 The service is starting to save the certificate of the issuing
217 CA to the locations where it has been told to save them.
218 SAVING_ONLY_CA_CERTS
220 The service is saving the certificate of the issuing CA to the
221 locations where it has been told to save them.
222 NEED_CA_CERT_SAVE_PERMS
224 NEED_ONLY_CA_CERT_SAVE_PERMS The service encountered a filesys‐
225 tem permission error while attempting to save the certificate of
226 the issuing CA to the locations where it has been told to save
227 them.
228 NEED_TO_READ_CERT
230 The service is about to read the issued certificate from the
231 location where it has been told to save it.
232 READING_CERT
234 The service is reading the issued certificate from the location
235 where it has been told to save it.
236 SAVED_CERT
238 The service has finished finished saving the issued certificate
239 and the issuer's certificate to the locations where it has been
240 told to save them.
241 POST_SAVED_CERT
243 The service is running a configured post-saving command after
244 saving the newly-issued certificate to the location where it has
245 been told to save them.
246 MONITORING
248 The service is monitoring the certificate and waiting for its
249 not-valid-after date to approach. This is expected to be the
250 status most often seen.
251 NEED_TO_NOTIFY_VALIDITY
253 The service is about to notify the system administrator that the
254 certificate's not-valid-after date is approaching.
255 NOTIFYING_VALIDITY
257 The service is notifying the system administrator that the cer‐
258 tificate's not-valid-after date is approaching.
259 NEED_TO_NOTIFY_REJECTION
261 The service is about to notify the system administrator that the
262 CA rejected the signing request.
263 NOTIFYING_REJECTION
265 The service is notifying the system administrator that the CA
266 rejected the signing request.
267 NEED_TO_NOTIFY_ISSUED_SAVE_FAILED
269 The service is needs to notify the system administrator that the
270 CA issued a certificate, but that there was a problem saving the
271 certificate to the location where the service was told to save
272 it.
273 NOTIFYING_ISSUED_SAVE_FAILED
275 The service is is notifying the system administrator that the CA
276 issued a certificate, but that there was a problem saving the
277 certificate to the location where the service was told to save
278 it.
279 NEED_TO_NOTIFY_ISSUED_CA_SAVE_FAILED
281 The service is needs to notify the system administrator that the
282 CA issued a certificate, and the issued certificate was saved to
283 the location where the service has been told to save it, but
284 that there was a problem saving the CA's certificate to the
285 locations where the service was told to save it.
286 NOTIFYING_ISSUED_CA_SAVE_FAILED
288 The service is notifying the system administrator that the CA
289 issued a certificate, and the issued certificate was saved to
290 the location where the service has been told to save it, but
291 that there was a problem saving the CA's certificate to the
292 locations where the service was told to save it.
293 NEED_TO_NOTIFY_ISSUED_SAVED
295 The service is needs to notify the system administrator that the
296 CA issued a certificate and it has been saved to the location
297 where the service has been told to save it.
298 NOTIFYING_ISSUED_SAVED
300 The service is notifying the system administrator that the CA
301 issued a certificate and it has been saved to the location where
302 the service has been told to save it.
303 NEED_TO_NOTIFY_ONLY_CA_SAVE_FAILED
305 The service needs to notify the system administrator that there
306 was a problem saving the CA's certificates to the specified
307 location.
308 NOTIFYING_ONLY_CA_SAVE_FAILED
310 The service is notifying the system administrator that there was
311 a problem saving the CA's certificates to the specified loca‐
312 tion.
313 NEED_GUIDANCE
315 An unhandled error was encountered while attempting to contact
316 the CA, or there is the service has just been told to monitor a
317 certificate which does not exist and for which it has no loca‐
318 tion specified for storing a key pair that could be used to gen‐
319 erate a signing request to obtain one.
320 NEWLY_ADDED
322 The service has just been told to track a certificate, or to
323 generate a signing request to obtain one.
324 NEWLY_ADDED_START_READING_KEYINFO
326 The service has just been told to track a certificate, or to
327 generate a signing request to obtain one, and is about to check
328 if there is already a key pair present.
329 NEWLY_ADDED_READING_KEYINFO
331 The service has just been told to track a certificate, or to
332 generate a signing request to obtain one, and is checking if
333 there is already a key pair present.
334 NEWLY_ADDED_NEED_KEYINFO_READ_PIN
336 The service has just been told to track a certificate, or to
337 generate a signing request to obtain one, and was unable to
338 check if a key pair was present because it is missing the PIN
339 which is required to access an NSS database, or because it has
340 an incorrect PIN for a database.
341 NEWLY_ADDED_NEED_KEYINFO_READ_TOKEN
343 The service has just been told to track a certificate, or to
344 generate a signing request to obtain one, and was unable to
345 check if a key pair was present because the token which should
346 be used for storing the key pair is not present.
347 NEWLY_ADDED_START_READING_CERT
349 The service has just been told to track a certificate, or to
350 generate a signing request to obtain one, and is about to check
351 if a certificate is already present in the specified location.
352 NEWLY_ADDED_READING_CERT
354 The service has just been told to track a certificate, or to
355 generate a signing request to obtain one, and is checking if a
356 certificate is already present in the specified location.
357 NEWLY_ADDED_DECIDING
359 The service has just been told to track a certificate, or to
360 generate a signing request to obtain one, and is determining its
361 next course of action.
362
365 Please file tickets for any that you find at https://fedora‐
366 hosted.org/certmonger/
367
370 certmonger(8) getcert(1) getcert-add-ca(1) getcert-add-scep-ca(1)
371 getcert-list-cas(1) getcert-modify-ca(1) getcert-refresh-ca(1) getcert-
372 refresh(1) getcert-remove-ca(1) getcert-request(1) getcert-resubmit(1)
373 getcert-start-tracking(1) getcert-status(1) getcert-stop-tracking(1)
374 certmonger-certmaster-submit(8) certmonger-dogtag-ipa-renew-agent-sub‐
375 mit(8) certmonger-dogtag-submit(8) certmonger-ipa-submit(8) certmonger-
376 local-submit(8) certmonger-scep-submit(8) certmonger_selinux(8)
377certmonger Manual 25 February 2015 certmonger(1)