CERTMONGER(8)              System Manager's Manual              CERTMONGER(8)

NAME
       certmonger

SYNOPSIS
       certmonger [-s|-S] [-L|-l] [-P PATH] [-b TIMEOUT|-B] [-n|-f] [-d LEVEL]
       [-p FILE] [-F] [-c command] [-v]

DESCRIPTION
       The certmonger daemon monitors certificates for impending expiration,
       and can optionally refresh soon-to-be-expired certificates with the
       help of a CA. If told to, it can drive the entire enrollment process
       from key generation through enrollment and refresh.

       The daemon provides a control interface via the
       org.fedorahosted.certmonger service, with which client tools such as
       getcert(1) interact.

OPTIONS
       -s, --session
              Listen on the session bus rather than the system bus.

       -S, --system
              Listen on the system bus rather than the session bus. This is
              the default.

       -l, --listening-socket
              Also listen on a private socket for connections from clients
              running under the same UID.

       -L, --only-listening-socket
              Listen only on a private socket for connections from clients
              running under the same UID, and skip connecting to a bus.

       -P PATH, --listening-socket-path=PATH
              Specify a location for the private listening socket. If the
              location begins with a '/' character, it will be prefixed with
              'unix:path=', otherwise it will be prefixed with 'unix:'. If
              this option is not specified, the listening socket, if one is
              created, will be placed in the abstract namespace.

       -b TIMEOUT, --bus-activation-timeout=TIMEOUT
              Behave as a bus-activated service: if there are no certificates
              to be monitored or obtained, and no requests are received within
              TIMEOUT seconds, exit. Not compatible with the -c option.

       -B, --no-bus-activation-timeout
              Don't behave as a bus-activated service. This is the default.

       -n, --nofork
              Don't fork, and log messages to stderr rather than syslog.

       -f, --fork
              Do fork, and log messages to syslog rather than stderr. This is
              the default.

       -d LEVEL, --debug-level=LEVEL
              Set debugging level. Higher values produce more debugging
              output. Implies -n.

       -p FILE, --pidfile=FILE
              Store the daemon's process ID in the named file.

       -F, --fips
              Force NSS to be initialized in FIPS mode. The default behavior
              is to heed the setting stored in /proc/sys/crypto/fips_enabled.

       -c COMMAND, --command=COMMAND
              After the service has initialized, run the specified command,
              then shut down the service after the command exits. If the -l
              or -L option was also specified, the command will be run with
              the CERTMONGER_PVT_ADDRESS environment variable set to the
              listening socket's location. Not compatible with the -b option.

       -v, --version
              Print version information and exit.

FILES
       The set of certificates being monitored or signed is tracked using
       files stored under /var/lib/certmonger/requests, or in a directory
       named by the CERTMONGER_REQUESTS_DIR environment variable.

       The set of known CAs is tracked using files stored under
       /var/lib/certmonger/cas, or in a directory named by the
       CERTMONGER_CAS_DIR environment variable.

       Temporary files will be stored in "/run/certmonger", or in the
       directory named by the CERTMONGER_TMPDIR environment variable if that
       value was not given at compile time.

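The following shell script is an added example, not part of the original manual page or the certmonger project. It combines -n, -L, -P and -c with the environment variables listed under FILES to run one client command against a throwaway daemon whose state lives in a private mode-0700 directory instead of /var/lib/certmonger. The function names, the "sock" file name and the use of "getcert list" as the command are assumptions.

```shell
#!/bin/sh
# Added example, not part of the certmonger project. Function names are
# hypothetical; options and environment variables are those documented above.

# Address certmonger derives from -P PATH: a leading '/' gets "unix:path=",
# anything else gets "unix:" (for example "abstract=NAME").
pvt_address() {
    case "$1" in
        /*) printf 'unix:path=%s\n' "$1" ;;
        *)  printf 'unix:%s\n' "$1" ;;
    esac
}

# Create a private state tree (mode 0700) so the one-shot daemon never reads
# or writes /var/lib/certmonger. Prints the directory name.
make_state_dir() {
    dir=$(umask 077 && mktemp -d "${TMPDIR:-/tmp}/certmonger-oneshot.XXXXXX") || return 1
    (umask 077 && mkdir "$dir/requests" "$dir/cas" "$dir/tmp") || return 1
    printf '%s\n' "$dir"
}

# Run COMMAND against a throwaway daemon: -n stays in the foreground and logs
# to stderr, -L skips the bus, -P puts the socket inside the private tree,
# -c shuts the service down when COMMAND exits. -b is not used with -c.
run_oneshot() {
    command -v certmonger >/dev/null 2>&1 || { echo "certmonger not installed" >&2; return 127; }
    state=$(make_state_dir) || return 1
    echo "client address: $(pvt_address "$state/sock")" >&2
    CERTMONGER_REQUESTS_DIR="$state/requests" \
    CERTMONGER_CAS_DIR="$state/cas" \
    CERTMONGER_TMPDIR="$state/tmp" \
        certmonger -n -L -P "$state/sock" -c "$1"
    rc=$?
    rm -rf "$state"
    return "$rc"
}

# Only run when asked, e.g.:  sh oneshot.sh 'getcert list'
# (assumes the client honours CERTMONGER_PVT_ADDRESS)
if [ "$#" -gt 0 ]; then
    run_oneshot "$1"
fi
```
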
BUGS
       Please file tickets for any that you find at
       https://fedorahosted.org/certmonger/

SEE ALSO
       getcert(1) getcert-add-ca(1) getcert-add-scep-ca(1) getcert-list-cas(1)
       getcert-list(1) getcert-modify-ca(1) getcert-refresh-ca(1)
       getcert-refresh(1) getcert-rekey(1) getcert-remove-ca(1)
       getcert-request(1) getcert-resubmit(1) getcert-start-tracking(1)
       getcert-status(1) getcert-stop-tracking(1)
       certmonger-certmaster-submit(8)
       certmonger-dogtag-ipa-renew-agent-submit(8)
       certmonger-dogtag-submit(8) certmonger-ipa-submit(8)
       certmonger-local-submit(8) certmonger-scep-submit(8)
       certmonger_selinux(8)

certmonger Manual                June 14, 2015                  CERTMONGER(8)