1CERTMONGER(8)               System Manager's Manual              CERTMONGER(8)
2
3
4

NAME

6       certmonger
7
8

SYNOPSIS

10       certmonger [-s|-S] [-L|-l] [-P PATH] [-b TIMEOUT|-B] [-n|-f] [-d LEVEL]
11       [-p FILE] [-F] [-c command] [-v]
12
13

DESCRIPTION

15       The certmonger daemon monitors certificates for  impending  expiration,
16       and  can  optionally  refresh  soon-to-be-expired certificates with the
17       help of a CA.  If told to, it can drive the entire  enrollment  process
18       from key generation through enrollment and refresh.
19
20       The  daemon provides a control interface via the org.fedorahosted.cert‐
21       monger service, with which client tools such as getcert(1) interact.
22
23

OPTIONS

25       -s, --session
26              Listen on the session bus rather than the system bus.
27
28       -S, --system
29              Listen on the system bus rather than the session bus.   This  is
30              the default.
31
32       -l, --listening-socket
33              Also  listen  on  a  private socket for connections from clients
34              running under the same UID.
35
36       -L, --only-listening-socket
37              Listen only on a private socket  for  connections  from  clients
38              running under the same UID, and skip connecting to a bus.
39
40       -P PATH, --listening-socket-path=PATH
41              Specify  a  location  for  the private listening socket.  If the
42              location beings with a '/' character, it will be  prefixed  with
43              'unix:path=',  otherwise  it  will be prefixed with 'unix:'.  If
44              this option is not specified, the listening socket,  if  one  is
45              created, will be placed in the abstract namespace.
46
47       -b TIMEOUT, --bus-activation-timeout=TIMEOUT
48              Behave  as a bus-activated service: if there are no certificates
49              to be monitored or obtained, and no requests are received within
50              TIMEOUT seconds, exit.  Not compatible with the -c option.
51
52       -B, --no-bus-activation-timeout
53              Don't behave as a bus-activated service.  This is the default.
54
55       -n, --nofork
56              Don't fork, and log messages to stderr rather than syslog.
57
58       -f, --fork
59              Do fork, and log messages to syslog rather than stderr.  This is
60              the default.
61
62       -d LEVEL, --debug-level=LEVEL
63              Set debugging level.  Higher values produce more debugging  out‐
64              put.  Implies -n.
65
66       -p FILE, pidfile=FILE
67              Store the daemon's process ID in the named file.
68
69       -F, --fips
70              Force  NSS to be initialized in FIPS mode.  The default behavior
71              is to heed the setting stored in /proc/sys/crypto/fips_enabled.
72
73       -c COMMAND, --command=COMMAND
74              After the service has initialized, run  the  specified  command,
75              then  shut  down the service after the command exits.  If the -l
76              or -L option was also specified, the command will  be  run  with
77              the  CERTMONGER_PVT_ADDRESS environment variable set to the lis‐
78              tening socket's location.  Not compatible with the -b option.
79
80       -v, --version
81              Print version information and exit.
82
83

FILES

85       The set of certificates being monitored  or  signed  is  tracked  using
86       files  stored  under  /var/lib/certmonger/requests,  or  in a directory
87       named by the CERTMONGER_REQUESTS_DIR environment variable.
88
89       The set of known CAs is tracked using files stored under /var/lib/cert‐
90       monger/cas,  or in a directory named by the CERTMONGER_CAS_DIR environ‐
91       ment variable.
92
93       Temporary files will be stored in "/run/certmonger", or in  the  direc‐
94       tory  named by the CERTMONGER_TMPDIR environment variable if that value
95       was not given at compile time.
96
97

BUGS

99       Please  file  tickets  for  any  that  you  find   at   https://fedora
100       hosted.org/certmonger/
101
102

SEE ALSO

104       getcert(1) getcert-add-ca(1) getcert-add-scep-ca(1) getcert-list-cas(1)
105       getcert-list(1)       getcert-modify-ca(1)        getcert-refresh-ca(1)
106       getcert-refresh(1)         getcert-rekey(1)        getcert-remove-ca(1)
107       getcert-request(1)    getcert-resubmit(1)     getcert-start-tracking(1)
108       getcert-status(1)  getcert-stop-tracking(1)  certmonger-certmaster-sub‐
109       mit(8)   certmonger-dogtag-ipa-renew-agent-submit(8)    certmonger-dog‐
110       tag-submit(8) certmonger-ipa-submit(8) certmonger-local-submit(8) cert‐
111       monger-scep-submit(8) certmonger_selinux(8)
112
113
114
115certmonger Manual                June 14, 2015                   CERTMONGER(8)
Impressum