1certmonger(8)               System Manager's Manual              certmonger(8)
2
3
4

NAME

6       local-submit
7
8

SYNOPSIS

10       local-submit [-d state-directory] [-v] [csrfile]
11
12

DESCRIPTION

14       local-submit is the helper which certmonger uses to implement its local
15       signer.  It is not normally run interactively, but it can be for  trou‐
16       bleshooting  purposes.   The  signing  request which is to be submitted
17       should either be in a file whose name is given as an argument,  or  fed
18       into local-submit via stdin.
19
20       The local signer is currently hard-coded to generate and use a 2048-bit
21       RSA key and a name and initial serial number based on a UUID, replacing
22       that  key and certificate at roughly the midpoint of their useful life‐
23       time.
24
25       certmonger supports retrieving the list of current and  previously-used
26       local  CA certificates.  See getcert-request(1) and getcert-resubmit(1)
27       for information about specifying where  those  certificates  should  be
28       stored.
29
30

OPTIONS

32       -d state-directory
33              Identifies  the directory which contains the local signer's pri‐
34              vate key, certificates, and other data used by the local signer.
35
36       -v     Increases the verbosity of the tool's diagnostic logging.
37
38

EXIT STATUS

40       0      if the certificate was  issued.  The  new  certificate  will  be
41              printed.
42
43       3      if the helper needs to be called again.  An error message may be
44              printed.
45
46       4      if critical configuration information is missing.  An error mes‐
47              sage may be printed.
48
49

FILES

51       creds  is currently a PKCS#12 bundle containing the local signer's cur‐
52              rent signing key and current and previously-used signer certifi‐
53              cates.  It should not be modified except by the local signer.  A
54              new key is currently generated when ever a new  signer  certifi‐
55              cate is needed.
56
57       serial currently  contains the serial number which will be used for the
58              next issued certificate.  It should not be  modified  except  by
59              the local signer.
60
61

BUGS

63       Please   file   tickets  for  any  that  you  find  at  https://fedora
64       hosted.org/certmonger/
65
66

SEE ALSO

68       certmonger(8)   getcert(1)   getcert-add-ca(1)   getcert-add-scep-ca(1)
69       getcert-list-cas(1)   getcert-list(1)   getcert-modify-ca(1)   getcert-
70       refresh-ca(1) getcert-refresh(1) getcert-rekey(1)  getcert-remove-ca(1)
71       getcert-resubmit(1)     getcert-start-tracking(1)     getcert-status(1)
72       getcert-stop-tracking(1)  certmonger-certmaster-submit(8)   certmonger-
73       dogtag-ipa-renew-agent-submit(8)  certmonger-dogtag-submit(8)  certmon‐
74       ger-ipa-submit(8) certmonger-scep-submit(8) certmonger_selinux(8)
75
76
77
78certmonger Manual                 7 June 2014                    certmonger(8)
Impressum