1CERTMONGER(1) General Commands Manual CERTMONGER(1)
2
6 getcert
7
10 getcert list [options]
11
14 Queries certmonger for a list of certificates which it is monitoring or
15 attempting to obtain.
16
19 -c NAME, --ca=NAME
20 List only entries which use the specified CA. The name of the
21 CA should correspond to one listed by getcert list-cas.
22
25 -r, --requests-only
26 List only entries which are either currently being enrolled or
27 refreshed.
28 -t, --tracking-only
30 List only entries which are not currently being enrolled or
31 refreshed.
32 -u, --utc
34 Display timestamps in UTC instead of local time.
35 -d DIR, --dbdir=DIR
38 List only entries which use an NSS database in the specified
39 directory for storing the certificate.
40 -n NAME, --nickname=NAME
42 List only tracking requests which use an NSS database and the
43 specified nickname for storing the certificate.
44 -f FILE, --certfile=FILE
46 List only tracking requests which specify that the certificate
47 should be stored in the specified file.
48 -i NAME, --id=NAME
50 List only tracking requests which use this request nickname.
51
54 NEED_KEY_PAIR
55 The service is about to generate a new key pair.
56 GENERATING_KEY_PAIR
58 The service is currently generating a new key pair.
59 NEED_KEY_GEN_PERMS
61 The service encountered a filesystem permission error while
62 attempting to save the newly-generated key pair.
63 NEED_KEY_GEN_PIN
65 The service is missing the PIN which is required to access an
66 NSS database in order to save the newly-generated key pair, or
67 it has an incorrect PIN for a database.
68 NEED_KEY_GEN_TOKEN
70 The service was unable to find a suitable token to use for gen‐
71 erating the new key pair.
72 HAVE_KEY_PAIR
74 The service has successfully generated a new key pair.
75 NEED_KEYINFO
77 The service needs to read information about the key pair.
78 READING_KEYINFO
80 The service is currently reading information about the key pair.
81 NEED_KEYINFO_READ_PIN
83 The service is missing the PIN which is required to access an
84 NSS database in order to read information about the newly-gener‐
85 ated key pair, or it has an incorrect PIN for a database, or has
86 an incorrect password for accessing a key stored in encrypted
87 PEM format.
88 NEED_KEYINFO_READ_TOKEN
90 The service was unable to find the token in which the key pair
91 is supposed to be stored.
92 HAVE_KEYINFO
94 The service has successfully read information about the key
95 pair.
96 NEED_CSR
98 The service is about to generate a new signing request.
99 GENERATING_CSR
101 The service is generating a signing request.
102 NEED_CSR_GEN_PIN
104 The service is missing the PIN which is required to access an
105 NSS database in order to use the key pair, or it has an incor‐
106 rect PIN for a database, or has an incorrect password for read‐
107 ing a key stored in encrypted PEM format.
108 NEED_CSR_GEN_TOKEN
110 The service was unable to find the token in which the key pair
111 is supposed to be stored.
112 HAVE_CSR
114 The service has successfully generated a signing request.
115 NEED_SCEP_DATA
117 The service is about to generate data specifically needed for
118 connecting to a CA using SCEP.
119 GENERATING_SCEP_DATA
121 The service is generating data specifically needed for connect‐
122 ing to a CA using SCEP.
123 NEED_SCEP_GEN_PIN
125 The service is missing the PIN which is required to access an
126 NSS database in order to use the key pair, or it has an incor‐
127 rect PIN for a database, or has an incorrect password for read‐
128 ing a key stored in encrypted PEM format.
129 NEED_SCEP_GEN_TOKEN
131 The service was unable to find the token in which the key pair
132 is supposed to be stored.
133 NEED_SCEP_ENCRYPTION_CERT
135 The service is waiting until it can retrieve a copy of the CA's
136 certificate before it can generate data required for connecting
137 to the CA using SCEP.
138 NEED_SCEP_RSA_CLIENT_KEY
140 The CA should be contacted using SCEP, but SCEP requires the
141 client key pair to be an RSA key pair, and it is not.
142 HAVE_SCEP_DATA
144 The service has successfully generated data for use in SCEP.
145 NEED_TO_SUBMIT
147 The service is about to submit a signing request to a CA for
148 signing.
149 SUBMITTING
151 The service is currently submitting a signing request to a CA
152 for signing.
153 NEED_CA
155 The service can't submit a request to a CA because it doesn't
156 know which CA to use.
157 CA_UNREACHABLE
159 The service was unable to contact the CA, but it will try again
160 later.
161 CA_UNCONFIGURED
163 The service is missing configuration which will be needed in
164 order to successfully contact the CA.
165 CA_REJECTED
167 The CA rejected the signing request.
168 CA_WORKING
170 The CA has not yet approved or rejected the request. The ser‐
171 vice will check on the status of the request later.
172 NEED_TO_SAVE_CERT
174 The CA approved the signing request, and the service is about to
175 save the issued certificate to the location where it has been
176 told to save it.
177 PRE_SAVE_CERT
179 The service is running a configured pre-saving command before
180 saving the newly-issued certificate to the location where it has
181 been told to save it.
182 START_SAVING_CERT
184 The service is starting to save the issued certificate to the
185 location where it has been told to save it.
186 SAVING_CERT
188 The service is attempting to save the issued certificate to the
189 location where it has been told to save it.
190 NEED_CERTSAVE_PERMS
192 The service encountered a filesystem permission error while
193 attempting to save the newly-issued certificate to the location
194 where it has been told to save it.
195 NEED_CERTSAVE_TOKEN
197 The service is unable to find the token in which the
198 newly-issued certificate is to be stored.
199 NEED_CERTSAVE_PIN
201 The service is missing the PIN which is required to access an
202 NSS database in order to save the newly-issued certificate to
203 the location where it has been told to save it.
204 NEED_TO_SAVE_CA_CERTS
206 The service is about to save the certificate of the issuing CA
207 to the locations where it has been told to save them.
208 START_SAVING_CA_CERTS
210 The service is starting to save the certificate of the issuing
211 CA to the locations where it has been told to save them.
212 SAVING_CA_CERTS
214 The service is saving the certificate of the issuing CA to the
215 locations where it has been told to save them.
216 NEED_TO_SAVE_ONLY_CA_CERTS
218 The service is about to save the certificate of the issuing CA
219 to the locations where it has been told to save them.
220 START_SAVING_ONLY_CA_CERTS
222 The service is starting to save the certificate of the issuing
223 CA to the locations where it has been told to save them.
224 SAVING_ONLY_CA_CERTS
226 The service is saving the certificate of the issuing CA to the
227 locations where it has been told to save them.
228 NEED_CA_CERT_SAVE_PERMS
230 NEED_ONLY_CA_CERT_SAVE_PERMS The service encountered a filesys‐
231 tem permission error while attempting to save the certificate of
232 the issuing CA to the locations where it has been told to save
233 them.
234 NEED_TO_READ_CERT
236 The service is about to read the issued certificate from the
237 location where it has been told to save it.
238 READING_CERT
240 The service is reading the issued certificate from the location
241 where it has been told to save it.
242 SAVED_CERT
244 The service has finished finished saving the issued certificate
245 and the issuer's certificate to the locations where it has been
246 told to save them.
247 POST_SAVED_CERT
249 The service is running a configured post-saving command after
250 saving the newly-issued certificate to the location where it has
251 been told to save them.
252 MONITORING
254 The service is monitoring the certificate and waiting for its
255 not-valid-after date to approach. This is expected to be the
256 status most often seen.
257 NEED_TO_NOTIFY_VALIDITY
259 The service is about to notify the system administrator that the
260 certificate's not-valid-after date is approaching.
261 NOTIFYING_VALIDITY
263 The service is notifying the system administrator that the cer‐
264 tificate's not-valid-after date is approaching.
265 NEED_TO_NOTIFY_REJECTION
267 The service is about to notify the system administrator that the
268 CA rejected the signing request.
269 NOTIFYING_REJECTION
271 The service is notifying the system administrator that the CA
272 rejected the signing request.
273 NEED_TO_NOTIFY_ISSUED_SAVE_FAILED
275 The service is needs to notify the system administrator that the
276 CA issued a certificate, but that there was a problem saving the
277 certificate to the location where the service was told to save
278 it.
279 NOTIFYING_ISSUED_SAVE_FAILED
281 The service is is notifying the system administrator that the CA
282 issued a certificate, but that there was a problem saving the
283 certificate to the location where the service was told to save
284 it.
285 NEED_TO_NOTIFY_ISSUED_CA_SAVE_FAILED
287 The service is needs to notify the system administrator that the
288 CA issued a certificate, and the issued certificate was saved to
289 the location where the service has been told to save it, but
290 that there was a problem saving the CA's certificate to the
291 locations where the service was told to save it.
292 NOTIFYING_ISSUED_CA_SAVE_FAILED
294 The service is notifying the system administrator that the CA
295 issued a certificate, and the issued certificate was saved to
296 the location where the service has been told to save it, but
297 that there was a problem saving the CA's certificate to the
298 locations where the service was told to save it.
299 NEED_TO_NOTIFY_ISSUED_SAVED
301 The service is needs to notify the system administrator that the
302 CA issued a certificate and it has been saved to the location
303 where the service has been told to save it.
304 NOTIFYING_ISSUED_SAVED
306 The service is notifying the system administrator that the CA
307 issued a certificate and it has been saved to the location where
308 the service has been told to save it.
309 NEED_TO_NOTIFY_ONLY_CA_SAVE_FAILED
311 The service needs to notify the system administrator that there
312 was a problem saving the CA's certificates to the specified
313 location.
314 NOTIFYING_ONLY_CA_SAVE_FAILED
316 The service is notifying the system administrator that there was
317 a problem saving the CA's certificates to the specified loca‐
318 tion.
319 NEED_GUIDANCE
321 An unhandled error was encountered while attempting to contact
322 the CA, or there is the service has just been told to monitor a
323 certificate which does not exist and for which it has no loca‐
324 tion specified for storing a key pair that could be used to gen‐
325 erate a signing request to obtain one.
326 NEWLY_ADDED
328 The service has just been told to track a certificate, or to
329 generate a signing request to obtain one.
330 NEWLY_ADDED_START_READING_KEYINFO
332 The service has just been told to track a certificate, or to
333 generate a signing request to obtain one, and is about to check
334 if there is already a key pair present.
335 NEWLY_ADDED_READING_KEYINFO
337 The service has just been told to track a certificate, or to
338 generate a signing request to obtain one, and is checking if
339 there is already a key pair present.
340 NEWLY_ADDED_NEED_KEYINFO_READ_PIN
342 The service has just been told to track a certificate, or to
343 generate a signing request to obtain one, and was unable to
344 check if a key pair was present because it is missing the PIN
345 which is required to access an NSS database, or because it has
346 an incorrect PIN for a database.
347 NEWLY_ADDED_NEED_KEYINFO_READ_TOKEN
349 The service has just been told to track a certificate, or to
350 generate a signing request to obtain one, and was unable to
351 check if a key pair was present because the token which should
352 be used for storing the key pair is not present.
353 NEWLY_ADDED_START_READING_CERT
355 The service has just been told to track a certificate, or to
356 generate a signing request to obtain one, and is about to check
357 if a certificate is already present in the specified location.
358 NEWLY_ADDED_READING_CERT
360 The service has just been told to track a certificate, or to
361 generate a signing request to obtain one, and is checking if a
362 certificate is already present in the specified location.
363 NEWLY_ADDED_DECIDING
365 The service has just been told to track a certificate, or to
366 generate a signing request to obtain one, and is determining its
367 next course of action.
368
371 Please file tickets for any that you find at https://fedora‐
372 hosted.org/certmonger/
373
376 certmonger(8) getcert(1) getcert-add-ca(1) getcert-add-scep-ca(1)
377 getcert-list-cas(1) getcert-modify-ca(1) getcert-refresh-ca(1)
378 getcert-refresh(1) getcert-rekey(1) getcert-remove-ca(1)
379 getcert-request(1) getcert-resubmit(1) getcert-start-tracking(1)
380 getcert-status(1) getcert-stop-tracking(1) certmonger-certmaster-sub‐
381 mit(8) certmonger-dogtag-ipa-renew-agent-submit(8) certmonger-dog‐
382 tag-submit(8) certmonger-ipa-submit(8) certmonger-local-submit(8) cert‐
383 monger-scep-submit(8) certmonger_selinux(8)
384certmonger Manual June 28, 2016 CERTMONGER(1)