1certmonger(1)               General Commands Manual              certmonger(1)
2
3
4

NAME

6       getcert
7
8

SYNOPSIS

10       getcert list [options]
11
12

DESCRIPTION

14       Queries certmonger for a list of certificates which it is monitoring or
15       attempting to obtain.
16
17

ENROLLMENT OPTIONS

19       -c NAME
20              List only entries which use the specified CA.  The name  of  the
21              CA should correspond to one listed by getcert list-cas.
22
23

LISTING OPTIONS

25       -r     List  only  entries which are either currently being enrolled or
26              refreshed.
27
28       -t     List only entries which are  not  currently  being  enrolled  or
29              refreshed.
30
31
32       -d DIR List  only  entries  which  use an NSS database in the specified
33              directory for storing the certificate.
34
35       -n NAME
36              List only tracking requests which use an NSS  database  and  the
37              specified nickname for storing the certificate.
38
39       -f FILE
40              List  only  tracking requests which specify that the certificate
41              should be stored in the specified file.
42
43       -i NAME
44              List only tracking requests which use this request nickname.
45
46

STATES

48       NEED_KEY_PAIR
49              The service is about to generate a new key pair.
50
51       GENERATING_KEY_PAIR
52              The service is currently generating a new key pair.
53
54       NEED_KEY_GEN_PERMS
55              The service encountered  a  filesystem  permission  error  while
56              attempting to save the newly-generated key pair.
57
58       NEED_KEY_GEN_PIN
59              The  service  is  missing the PIN which is required to access an
60              NSS database in order to save the newly-generated key  pair,  or
61              it has an incorrect PIN for a database.
62
63       NEED_KEY_GEN_TOKEN
64              The  service was unable to find a suitable token to use for gen‐
65              erating the new key pair.
66
67       HAVE_KEY_PAIR
68              The service has successfully generated a new key pair.
69
70       NEED_KEYINFO
71              The service needs to read information about the key pair.
72
73       READING_KEYINFO
74              The service is currently reading information about the key pair.
75
76       NEED_KEYINFO_READ_PIN
77              The service is missing the PIN which is required  to  access  an
78              NSS database in order to read information about the newly-gener‐
79              ated key pair, or it has an incorrect PIN for a database, or has
80              an  incorrect  password  for accessing a key stored in encrypted
81              PEM format.
82
83       NEED_KEYINFO_READ_TOKEN
84              The service was unable to find the token in which the  key  pair
85              is supposed to be stored.
86
87       HAVE_KEYINFO
88              The  service  has  successfully  read  information about the key
89              pair.
90
91       NEED_CSR
92              The service is about to generate a new signing request.
93
94       GENERATING_CSR
95              The service is generating a signing request.
96
97       NEED_CSR_GEN_PIN
98              The service is missing the PIN which is required  to  access  an
99              NSS  database  in order to use the key pair, or it has an incor‐
100              rect PIN for a database, or has an incorrect password for  read‐
101              ing a key stored in encrypted PEM format.
102
103       NEED_CSR_GEN_TOKEN
104              The  service  was unable to find the token in which the key pair
105              is supposed to be stored.
106
107       HAVE_CSR
108              The service has successfully generated a signing request.
109
110       NEED_SCEP_DATA
111              The service is about to generate data  specifically  needed  for
112              connecting to a CA using SCEP.
113
114       GENERATING_SCEP_DATA
115              The  service is generating data specifically needed for connect‐
116              ing to a CA using SCEP.
117
118       NEED_SCEP_GEN_PIN
119              The service is missing the PIN which is required  to  access  an
120              NSS  database  in order to use the key pair, or it has an incor‐
121              rect PIN for a database, or has an incorrect password for  read‐
122              ing a key stored in encrypted PEM format.
123
124       NEED_SCEP_GEN_TOKEN
125              The  service  was unable to find the token in which the key pair
126              is supposed to be stored.
127
128       NEED_SCEP_ENCRYPTION_CERT
129              The service is waiting until it can retrieve a copy of the  CA's
130              certificate  before it can generate data required for connecting
131              to the CA using SCEP.
132
133       NEED_SCEP_RSA_CLIENT_KEY
134              The CA should be contacted using SCEP,  but  SCEP  requires  the
135              client key pair to be an RSA key pair, and it is not.
136
137       HAVE_SCEP_DATA
138              The service has successfully generated data for use in SCEP.
139
140       NEED_TO_SUBMIT
141              The  service  is  about  to submit a signing request to a CA for
142              signing.
143
144       SUBMITTING
145              The service is currently submitting a signing request  to  a  CA
146              for signing.
147
148       NEED_CA
149              The  service  can't  submit a request to a CA because it doesn't
150              know which CA to use.
151
152       CA_UNREACHABLE
153              The service was unable to contact the CA, but it will try  again
154              later.
155
156       CA_UNCONFIGURED
157              The  service  is  missing  configuration which will be needed in
158              order to successfully contact the CA.
159
160       CA_REJECTED
161              The CA rejected the signing request.
162
163       CA_WORKING
164              The CA has not yet approved or rejected the request.   The  ser‐
165              vice will check on the status of the request later.
166
167       NEED_TO_SAVE_CERT
168              The CA approved the signing request, and the service is about to
169              save the issued certificate to the location where  it  has  been
170              told to save it.
171
172       PRE_SAVE_CERT
173              The  service  is  running a configured pre-saving command before
174              saving the newly-issued certificate to the location where it has
175              been told to save it.
176
177       START_SAVING_CERT
178              The  service  is  starting to save the issued certificate to the
179              location where it has been told to save it.
180
181       SAVING_CERT
182              The service is attempting to save the issued certificate to  the
183              location where it has been told to save it.
184
185       NEED_CERTSAVE_PERMS
186              The  service  encountered  a  filesystem  permission error while
187              attempting to save the newly-issued certificate to the  location
188              where it has been told to save it.
189
190       NEED_CERTSAVE_TOKEN
191              The  service  is  unable  to  find the token in which the newly-
192              issued certificate is to be stored.
193
194       NEED_CERTSAVE_PIN
195              The service is missing the PIN which is required  to  access  an
196              NSS  database  in  order to save the newly-issued certificate to
197              the location where it has been told to save it.
198
199       NEED_TO_SAVE_CA_CERTS
200              The service is about to save the certificate of the  issuing  CA
201              to the locations where it has been told to save them.
202
203       START_SAVING_CA_CERTS
204              The  service  is starting to save the certificate of the issuing
205              CA to the locations where it has been told to save them.
206
207       SAVING_CA_CERTS
208              The service is saving the certificate of the issuing CA  to  the
209              locations where it has been told to save them.
210
211       NEED_TO_SAVE_ONLY_CA_CERTS
212              The  service  is about to save the certificate of the issuing CA
213              to the locations where it has been told to save them.
214
215       START_SAVING_ONLY_CA_CERTS
216              The service is starting to save the certificate of  the  issuing
217              CA to the locations where it has been told to save them.
218
219       SAVING_ONLY_CA_CERTS
220              The  service  is saving the certificate of the issuing CA to the
221              locations where it has been told to save them.
222
223       NEED_CA_CERT_SAVE_PERMS
224              NEED_ONLY_CA_CERT_SAVE_PERMS The service encountered a  filesys‐
225              tem permission error while attempting to save the certificate of
226              the issuing CA to the locations where it has been told  to  save
227              them.
228
229       NEED_TO_READ_CERT
230              The  service  is  about  to read the issued certificate from the
231              location where it has been told to save it.
232
233       READING_CERT
234              The service is reading the issued certificate from the  location
235              where it has been told to save it.
236
237       SAVED_CERT
238              The  service has finished finished saving the issued certificate
239              and the issuer's certificate to the locations where it has  been
240              told to save them.
241
242       POST_SAVED_CERT
243              The  service  is  running a configured post-saving command after
244              saving the newly-issued certificate to the location where it has
245              been told to save them.
246
247       MONITORING
248              The  service  is  monitoring the certificate and waiting for its
249              not-valid-after date to approach.  This is expected  to  be  the
250              status most often seen.
251
252       NEED_TO_NOTIFY_VALIDITY
253              The service is about to notify the system administrator that the
254              certificate's not-valid-after date is approaching.
255
256       NOTIFYING_VALIDITY
257              The service is notifying the system administrator that the  cer‐
258              tificate's not-valid-after date is approaching.
259
260       NEED_TO_NOTIFY_REJECTION
261              The service is about to notify the system administrator that the
262              CA rejected the signing request.
263
264       NOTIFYING_REJECTION
265              The service is notifying the system administrator  that  the  CA
266              rejected the signing request.
267
268       NEED_TO_NOTIFY_ISSUED_SAVE_FAILED
269              The service is needs to notify the system administrator that the
270              CA issued a certificate, but that there was a problem saving the
271              certificate  to  the location where the service was told to save
272              it.
273
274       NOTIFYING_ISSUED_SAVE_FAILED
275              The service is is notifying the system administrator that the CA
276              issued  a  certificate,  but that there was a problem saving the
277              certificate to the location where the service was told  to  save
278              it.
279
280       NEED_TO_NOTIFY_ISSUED_CA_SAVE_FAILED
281              The service is needs to notify the system administrator that the
282              CA issued a certificate, and the issued certificate was saved to
283              the  location  where  the  service has been told to save it, but
284              that there was a problem saving  the  CA's  certificate  to  the
285              locations where the service was told to save it.
286
287       NOTIFYING_ISSUED_CA_SAVE_FAILED
288              The  service  is  notifying the system administrator that the CA
289              issued a certificate, and the issued certificate  was  saved  to
290              the  location  where  the  service has been told to save it, but
291              that there was a problem saving  the  CA's  certificate  to  the
292              locations where the service was told to save it.
293
294       NEED_TO_NOTIFY_ISSUED_SAVED
295              The service is needs to notify the system administrator that the
296              CA issued a certificate and it has been saved  to  the  location
297              where the service has been told to save it.
298
299       NOTIFYING_ISSUED_SAVED
300              The  service  is  notifying the system administrator that the CA
301              issued a certificate and it has been saved to the location where
302              the service has been told to save it.
303
304       NEED_TO_NOTIFY_ONLY_CA_SAVE_FAILED
305              The  service needs to notify the system administrator that there
306              was a problem saving the  CA's  certificates  to  the  specified
307              location.
308
309       NOTIFYING_ONLY_CA_SAVE_FAILED
310              The service is notifying the system administrator that there was
311              a problem saving the CA's certificates to  the  specified  loca‐
312              tion.
313
314       NEED_GUIDANCE
315              An  unhandled  error was encountered while attempting to contact
316              the CA, or there is the service has just been told to monitor  a
317              certificate  which  does not exist and for which it has no loca‐
318              tion specified for storing a key pair that could be used to gen‐
319              erate a signing request to obtain one.
320
321       NEWLY_ADDED
322              The  service  has  just  been told to track a certificate, or to
323              generate a signing request to obtain one.
324
325       NEWLY_ADDED_START_READING_KEYINFO
326              The service has just been told to track  a  certificate,  or  to
327              generate  a signing request to obtain one, and is about to check
328              if there is already a key pair present.
329
330       NEWLY_ADDED_READING_KEYINFO
331              The service has just been told to track  a  certificate,  or  to
332              generate  a  signing  request  to obtain one, and is checking if
333              there is already a key pair present.
334
335       NEWLY_ADDED_NEED_KEYINFO_READ_PIN
336              The service has just been told to track  a  certificate,  or  to
337              generate  a  signing  request  to  obtain one, and was unable to
338              check if a key pair was present because it is  missing  the  PIN
339              which  is  required to access an NSS database, or because it has
340              an incorrect PIN for a database.
341
342       NEWLY_ADDED_NEED_KEYINFO_READ_TOKEN
343              The service has just been told to track  a  certificate,  or  to
344              generate  a  signing  request  to  obtain one, and was unable to
345              check if a key pair was present because the token  which  should
346              be used for storing the key pair is not present.
347
348       NEWLY_ADDED_START_READING_CERT
349              The  service  has  just  been told to track a certificate, or to
350              generate a signing request to obtain one, and is about to  check
351              if a certificate is already present in the specified location.
352
353       NEWLY_ADDED_READING_CERT
354              The  service  has  just  been told to track a certificate, or to
355              generate a signing request to obtain one, and is checking  if  a
356              certificate is already present in the specified location.
357
358       NEWLY_ADDED_DECIDING
359              The  service  has  just  been told to track a certificate, or to
360              generate a signing request to obtain one, and is determining its
361              next course of action.
362
363

BUGS

365       Please   file   tickets  for  any  that  you  find  at  https://fedora
366       hosted.org/certmonger/
367
368

SEE ALSO

370       certmonger(8)   getcert(1)   getcert-add-ca(1)   getcert-add-scep-ca(1)
371       getcert-list-cas(1) getcert-modify-ca(1) getcert-refresh-ca(1) getcert-
372       refresh(1) getcert-remove-ca(1) getcert-request(1)  getcert-resubmit(1)
373       getcert-start-tracking(1)   getcert-status(1)  getcert-stop-tracking(1)
374       certmonger-certmaster-submit(8)  certmonger-dogtag-ipa-renew-agent-sub‐
375       mit(8) certmonger-dogtag-submit(8) certmonger-ipa-submit(8) certmonger-
376       local-submit(8) certmonger-scep-submit(8) certmonger_selinux(8)
377
378
379
380certmonger Manual              25 February 2015                  certmonger(1)
Impressum