certmonger-local-submit(8)

1CERTMONGER(8)               System Manager's Manual              CERTMONGER(8)
2
3
4

NAME

6       local-submit
7
8

SYNOPSIS

10       local-submit [-d state-directory] [-v] [csrfile]
11
12

DESCRIPTION

14       local-submit is the helper which certmonger uses to implement its local
15       signer.  It is not normally run interactively, but it can be for  trou‐
16       bleshooting  purposes.   The  signing  request which is to be submitted
17       should either be in a file whose name is given as an argument,  or  fed
18       into local-submit via stdin.
19
20       The local signer is currently hard-coded to generate and use a 2048-bit
21       RSA key and a name and initial serial number based on a UUID, replacing
22       that  key and certificate at roughly the midpoint of their useful life‐
23       time.
24
25       certmonger supports retrieving the list of current and  previously-used
26       local  CA certificates.  See getcert-request(1) and getcert-resubmit(1)
27       for information about specifying where  those  certificates  should  be
28       stored.
29
30

OPTIONS

32       -d DIR, --ca-data-directory=DIR
33              Identifies  the directory which contains the local signer's pri‐
34              vate key, certificates, and other data used by the local signer.
35
36       -v, --verbose
37              Increases the verbosity of the tool's diagnostic logging.
38
39

EXIT STATUS

41       0      if the certificate was  issued.  The  new  certificate  will  be
42              printed.
43
44       3      if the helper needs to be called again.  An error message may be
45              printed.
46
47       4      if critical configuration information is missing.  An error mes‐
48              sage may be printed.
49
50

FILES

52       creds  is currently a PKCS#12 bundle containing the local signer's cur‐
53              rent signing key and current and previously-used signer certifi‐
54              cates.  It should not be modified except by the local signer.  A
55              new key is currently generated when ever a new  signer  certifi‐
56              cate is needed.
57
58       serial currently  contains the serial number which will be used for the
59              next issued certificate.  It should not be  modified  except  by
60              the local signer.
61
62

BUGS

64       Please   file   tickets  for  any  that  you  find  at  https://fedora‐
65       hosted.org/certmonger/
66
67

69       certmonger(8)   getcert(1)   getcert-add-ca(1)   getcert-add-scep-ca(1)
70       getcert-list-cas(1)         getcert-list(1)        getcert-modify-ca(1)
71       getcert-refresh-ca(1)        getcert-refresh(1)        getcert-rekey(1)
72       getcert-remove-ca(1)    getcert-resubmit(1)   getcert-start-tracking(1)
73       getcert-status(1)  getcert-stop-tracking(1)  certmonger-certmaster-sub‐
74       mit(8)    certmonger-dogtag-ipa-renew-agent-submit(8)   certmonger-dog‐
75       tag-submit(8) certmonger-ipa-submit(8) certmonger-scep-submit(8)  cert‐
76       monger_selinux(8)
77
78
79
80certmonger Manual                June 7, 2014                    CERTMONGER(8)