1CERTMONGER(8) System Manager's Manual CERTMONGER(8)
2
3
4
6 local-submit
7
8
10 local-submit [-d state-directory] [-v] [csrfile]
11
12
14 local-submit is the helper which certmonger uses to implement its local
15 signer. It is not normally run interactively, but it can be for trou‐
16 bleshooting purposes. The signing request which is to be submitted
17 should either be in a file whose name is given as an argument, or fed
18 into local-submit via stdin.
19
20 The local signer is currently hard-coded to generate and use a 2048-bit
21 RSA key and a name and initial serial number based on a UUID, replacing
22 that key and certificate at roughly the midpoint of their useful life‐
23 time.
24
25 certmonger supports retrieving the list of current and previously-used
26 local CA certificates. See getcert-request(1) and getcert-resubmit(1)
27 for information about specifying where those certificates should be
28 stored.
29
30
32 -d DIR, --ca-data-directory=DIR
33 Identifies the directory which contains the local signer's pri‐
34 vate key, certificates, and other data used by the local signer.
35
36 -v, --verbose
37 Increases the verbosity of the tool's diagnostic logging.
38
39
41 0 if the certificate was issued. The new certificate will be
42 printed.
43
44 3 if the helper needs to be called again. An error message may be
45 printed.
46
47 4 if critical configuration information is missing. An error mes‐
48 sage may be printed.
49
50
52 creds is currently a PKCS#12 bundle containing the local signer's cur‐
53 rent signing key and current and previously-used signer certifi‐
54 cates. It should not be modified except by the local signer. A
55 new key is currently generated when ever a new signer certifi‐
56 cate is needed.
57
58 serial currently contains the serial number which will be used for the
59 next issued certificate. It should not be modified except by
60 the local signer.
61
62
64 Please file tickets for any that you find at https://fedora‐
65 hosted.org/certmonger/
66
67
69 certmonger(8) getcert(1) getcert-add-ca(1) getcert-add-scep-ca(1)
70 getcert-list-cas(1) getcert-list(1) getcert-modify-ca(1)
71 getcert-refresh-ca(1) getcert-refresh(1) getcert-rekey(1)
72 getcert-remove-ca(1) getcert-resubmit(1) getcert-start-tracking(1)
73 getcert-status(1) getcert-stop-tracking(1) certmonger-certmaster-sub‐
74 mit(8) certmonger-dogtag-ipa-renew-agent-submit(8) certmonger-dog‐
75 tag-submit(8) certmonger-ipa-submit(8) certmonger-scep-submit(8) cert‐
76 monger_selinux(8)
77
78
79
80certmonger Manual June 7, 2014 CERTMONGER(8)