1certmonger(1) General Commands Manual certmonger(1)
2
3
4
6 getcert
7
8
10 getcert list [options]
11
12
14 Queries certmonger for a list of certificates which it is monitoring or
15 attempting to obtain.
16
17
19 -c NAME
20 List only entries which use the specified CA. The name of the
21 CA should correspond to one listed by getcert list-cas.
22
23
25 -r List only entries which are either currently being enrolled or
26 refreshed.
27
28 -t List only entries which are not currently being enrolled or
29 refreshed.
30
31 -u|--utc
32 Display timestamps in UTC instead of local time.
33
34
35 -d DIR List only entries which use an NSS database in the specified
36 directory for storing the certificate.
37
38 -n NAME
39 List only tracking requests which use an NSS database and the
40 specified nickname for storing the certificate.
41
42 -f FILE
43 List only tracking requests which specify that the certificate
44 should be stored in the specified file.
45
46 -i NAME
47 List only tracking requests which use this request nickname.
48
49
51 NEED_KEY_PAIR
52 The service is about to generate a new key pair.
53
54 GENERATING_KEY_PAIR
55 The service is currently generating a new key pair.
56
57 NEED_KEY_GEN_PERMS
58 The service encountered a filesystem permission error while
59 attempting to save the newly-generated key pair.
60
61 NEED_KEY_GEN_PIN
62 The service is missing the PIN which is required to access an
63 NSS database in order to save the newly-generated key pair, or
64 it has an incorrect PIN for a database.
65
66 NEED_KEY_GEN_TOKEN
67 The service was unable to find a suitable token to use for gen‐
68 erating the new key pair.
69
70 HAVE_KEY_PAIR
71 The service has successfully generated a new key pair.
72
73 NEED_KEYINFO
74 The service needs to read information about the key pair.
75
76 READING_KEYINFO
77 The service is currently reading information about the key pair.
78
79 NEED_KEYINFO_READ_PIN
80 The service is missing the PIN which is required to access an
81 NSS database in order to read information about the newly-gener‐
82 ated key pair, or it has an incorrect PIN for a database, or has
83 an incorrect password for accessing a key stored in encrypted
84 PEM format.
85
86 NEED_KEYINFO_READ_TOKEN
87 The service was unable to find the token in which the key pair
88 is supposed to be stored.
89
90 HAVE_KEYINFO
91 The service has successfully read information about the key
92 pair.
93
94 NEED_CSR
95 The service is about to generate a new signing request.
96
97 GENERATING_CSR
98 The service is generating a signing request.
99
100 NEED_CSR_GEN_PIN
101 The service is missing the PIN which is required to access an
102 NSS database in order to use the key pair, or it has an incor‐
103 rect PIN for a database, or has an incorrect password for read‐
104 ing a key stored in encrypted PEM format.
105
106 NEED_CSR_GEN_TOKEN
107 The service was unable to find the token in which the key pair
108 is supposed to be stored.
109
110 HAVE_CSR
111 The service has successfully generated a signing request.
112
113 NEED_SCEP_DATA
114 The service is about to generate data specifically needed for
115 connecting to a CA using SCEP.
116
117 GENERATING_SCEP_DATA
118 The service is generating data specifically needed for connect‐
119 ing to a CA using SCEP.
120
121 NEED_SCEP_GEN_PIN
122 The service is missing the PIN which is required to access an
123 NSS database in order to use the key pair, or it has an incor‐
124 rect PIN for a database, or has an incorrect password for read‐
125 ing a key stored in encrypted PEM format.
126
127 NEED_SCEP_GEN_TOKEN
128 The service was unable to find the token in which the key pair
129 is supposed to be stored.
130
131 NEED_SCEP_ENCRYPTION_CERT
132 The service is waiting until it can retrieve a copy of the CA's
133 certificate before it can generate data required for connecting
134 to the CA using SCEP.
135
136 NEED_SCEP_RSA_CLIENT_KEY
137 The CA should be contacted using SCEP, but SCEP requires the
138 client key pair to be an RSA key pair, and it is not.
139
140 HAVE_SCEP_DATA
141 The service has successfully generated data for use in SCEP.
142
143 NEED_TO_SUBMIT
144 The service is about to submit a signing request to a CA for
145 signing.
146
147 SUBMITTING
148 The service is currently submitting a signing request to a CA
149 for signing.
150
151 NEED_CA
152 The service can't submit a request to a CA because it doesn't
153 know which CA to use.
154
155 CA_UNREACHABLE
156 The service was unable to contact the CA, but it will try again
157 later.
158
159 CA_UNCONFIGURED
160 The service is missing configuration which will be needed in
161 order to successfully contact the CA.
162
163 CA_REJECTED
164 The CA rejected the signing request.
165
166 CA_WORKING
167 The CA has not yet approved or rejected the request. The ser‐
168 vice will check on the status of the request later.
169
170 NEED_TO_SAVE_CERT
171 The CA approved the signing request, and the service is about to
172 save the issued certificate to the location where it has been
173 told to save it.
174
175 PRE_SAVE_CERT
176 The service is running a configured pre-saving command before
177 saving the newly-issued certificate to the location where it has
178 been told to save it.
179
180 START_SAVING_CERT
181 The service is starting to save the issued certificate to the
182 location where it has been told to save it.
183
184 SAVING_CERT
185 The service is attempting to save the issued certificate to the
186 location where it has been told to save it.
187
188 NEED_CERTSAVE_PERMS
189 The service encountered a filesystem permission error while
190 attempting to save the newly-issued certificate to the location
191 where it has been told to save it.
192
193 NEED_CERTSAVE_TOKEN
194 The service is unable to find the token in which the newly-
195 issued certificate is to be stored.
196
197 NEED_CERTSAVE_PIN
198 The service is missing the PIN which is required to access an
199 NSS database in order to save the newly-issued certificate to
200 the location where it has been told to save it.
201
202 NEED_TO_SAVE_CA_CERTS
203 The service is about to save the certificate of the issuing CA
204 to the locations where it has been told to save them.
205
206 START_SAVING_CA_CERTS
207 The service is starting to save the certificate of the issuing
208 CA to the locations where it has been told to save them.
209
210 SAVING_CA_CERTS
211 The service is saving the certificate of the issuing CA to the
212 locations where it has been told to save them.
213
214 NEED_TO_SAVE_ONLY_CA_CERTS
215 The service is about to save the certificate of the issuing CA
216 to the locations where it has been told to save them.
217
218 START_SAVING_ONLY_CA_CERTS
219 The service is starting to save the certificate of the issuing
220 CA to the locations where it has been told to save them.
221
222 SAVING_ONLY_CA_CERTS
223 The service is saving the certificate of the issuing CA to the
224 locations where it has been told to save them.
225
226 NEED_CA_CERT_SAVE_PERMS
227 NEED_ONLY_CA_CERT_SAVE_PERMS The service encountered a filesys‐
228 tem permission error while attempting to save the certificate of
229 the issuing CA to the locations where it has been told to save
230 them.
231
232 NEED_TO_READ_CERT
233 The service is about to read the issued certificate from the
234 location where it has been told to save it.
235
236 READING_CERT
237 The service is reading the issued certificate from the location
238 where it has been told to save it.
239
240 SAVED_CERT
241 The service has finished finished saving the issued certificate
242 and the issuer's certificate to the locations where it has been
243 told to save them.
244
245 POST_SAVED_CERT
246 The service is running a configured post-saving command after
247 saving the newly-issued certificate to the location where it has
248 been told to save them.
249
250 MONITORING
251 The service is monitoring the certificate and waiting for its
252 not-valid-after date to approach. This is expected to be the
253 status most often seen.
254
255 NEED_TO_NOTIFY_VALIDITY
256 The service is about to notify the system administrator that the
257 certificate's not-valid-after date is approaching.
258
259 NOTIFYING_VALIDITY
260 The service is notifying the system administrator that the cer‐
261 tificate's not-valid-after date is approaching.
262
263 NEED_TO_NOTIFY_REJECTION
264 The service is about to notify the system administrator that the
265 CA rejected the signing request.
266
267 NOTIFYING_REJECTION
268 The service is notifying the system administrator that the CA
269 rejected the signing request.
270
271 NEED_TO_NOTIFY_ISSUED_SAVE_FAILED
272 The service is needs to notify the system administrator that the
273 CA issued a certificate, but that there was a problem saving the
274 certificate to the location where the service was told to save
275 it.
276
277 NOTIFYING_ISSUED_SAVE_FAILED
278 The service is is notifying the system administrator that the CA
279 issued a certificate, but that there was a problem saving the
280 certificate to the location where the service was told to save
281 it.
282
283 NEED_TO_NOTIFY_ISSUED_CA_SAVE_FAILED
284 The service is needs to notify the system administrator that the
285 CA issued a certificate, and the issued certificate was saved to
286 the location where the service has been told to save it, but
287 that there was a problem saving the CA's certificate to the
288 locations where the service was told to save it.
289
290 NOTIFYING_ISSUED_CA_SAVE_FAILED
291 The service is notifying the system administrator that the CA
292 issued a certificate, and the issued certificate was saved to
293 the location where the service has been told to save it, but
294 that there was a problem saving the CA's certificate to the
295 locations where the service was told to save it.
296
297 NEED_TO_NOTIFY_ISSUED_SAVED
298 The service is needs to notify the system administrator that the
299 CA issued a certificate and it has been saved to the location
300 where the service has been told to save it.
301
302 NOTIFYING_ISSUED_SAVED
303 The service is notifying the system administrator that the CA
304 issued a certificate and it has been saved to the location where
305 the service has been told to save it.
306
307 NEED_TO_NOTIFY_ONLY_CA_SAVE_FAILED
308 The service needs to notify the system administrator that there
309 was a problem saving the CA's certificates to the specified
310 location.
311
312 NOTIFYING_ONLY_CA_SAVE_FAILED
313 The service is notifying the system administrator that there was
314 a problem saving the CA's certificates to the specified loca‐
315 tion.
316
317 NEED_GUIDANCE
318 An unhandled error was encountered while attempting to contact
319 the CA, or there is the service has just been told to monitor a
320 certificate which does not exist and for which it has no loca‐
321 tion specified for storing a key pair that could be used to gen‐
322 erate a signing request to obtain one.
323
324 NEWLY_ADDED
325 The service has just been told to track a certificate, or to
326 generate a signing request to obtain one.
327
328 NEWLY_ADDED_START_READING_KEYINFO
329 The service has just been told to track a certificate, or to
330 generate a signing request to obtain one, and is about to check
331 if there is already a key pair present.
332
333 NEWLY_ADDED_READING_KEYINFO
334 The service has just been told to track a certificate, or to
335 generate a signing request to obtain one, and is checking if
336 there is already a key pair present.
337
338 NEWLY_ADDED_NEED_KEYINFO_READ_PIN
339 The service has just been told to track a certificate, or to
340 generate a signing request to obtain one, and was unable to
341 check if a key pair was present because it is missing the PIN
342 which is required to access an NSS database, or because it has
343 an incorrect PIN for a database.
344
345 NEWLY_ADDED_NEED_KEYINFO_READ_TOKEN
346 The service has just been told to track a certificate, or to
347 generate a signing request to obtain one, and was unable to
348 check if a key pair was present because the token which should
349 be used for storing the key pair is not present.
350
351 NEWLY_ADDED_START_READING_CERT
352 The service has just been told to track a certificate, or to
353 generate a signing request to obtain one, and is about to check
354 if a certificate is already present in the specified location.
355
356 NEWLY_ADDED_READING_CERT
357 The service has just been told to track a certificate, or to
358 generate a signing request to obtain one, and is checking if a
359 certificate is already present in the specified location.
360
361 NEWLY_ADDED_DECIDING
362 The service has just been told to track a certificate, or to
363 generate a signing request to obtain one, and is determining its
364 next course of action.
365
366
368 Please file tickets for any that you find at https://fedora‐
369 hosted.org/certmonger/
370
371
373 certmonger(8) getcert(1) getcert-add-ca(1) getcert-add-scep-ca(1)
374 getcert-list-cas(1) getcert-modify-ca(1) getcert-refresh-ca(1) getcert-
375 refresh(1) getcert-rekey(1) getcert-remove-ca(1) getcert-request(1)
376 getcert-resubmit(1) getcert-start-tracking(1) getcert-status(1)
377 getcert-stop-tracking(1) certmonger-certmaster-submit(8) certmonger-
378 dogtag-ipa-renew-agent-submit(8) certmonger-dogtag-submit(8) certmon‐
379 ger-ipa-submit(8) certmonger-local-submit(8) certmonger-scep-submit(8)
380 certmonger_selinux(8)
381
382
383
384certmonger Manual 28 June 2016 certmonger(1)