table of contents
| CERTMONGER(8) | System Manager's Manual | CERTMONGER(8) |
NAME¶
certmaster-submit
SYNOPSIS¶
certmaster-submit [-h HOST] [-c FILE] [-C DIR] [-v] [csrfile]
DESCRIPTION¶
certmaster-submit is the helper which certmonger uses to make requests to certmaster-based CAs. It is not normally run interactively, but it can be for troubleshooting purposes. The signing request which is to be submitted should either be in a file whose name is given as an argument, or fed into certmaster-submit via stdin.
There is no standard authenticated method for obtaining the root certificate from certmaster CAs, so certmonger does not support retrieving trust information from them.
OPTIONS¶
- -h HOST, --server-host=HOST
- Submit the request to the certmaster instance running on the named host. The default is localhost:51235 if a file named /var/run/certmaster.pid is found on the local system, and is read from /etc/certmaster/minion.conf if that file is not found.
- -c FILE, --cafile=FILE
- Submit the request over HTTPS instead of HTTP, and only trust the server if its certificate was issued by the CA whose certificate is in the named file.
- -C DIR, --capath=DIR
- Submit the request over HTTPS instead of HTTP, and only trust the server if its certificate was issued by a CA whose certificate is in a file in the named directory.
- -v, --verbose
- Be verbose about errors. Normally, the details of an error received from the daemon will be suppressed if the client can make a diagnostic suggestion.
EXIT STATUS¶
- 0
- if the certificate was issued. The certificate will be printed.
- 1
- if the CA is still thinking. A cookie value will be printed.
- 2
- if the CA rejected the request. An error message may be printed.
- 3
- if the CA was unreachable. An error message may be printed.
- 4
- if critical configuration information is missing. An error message may be printed.
FILES¶
- /var/run/certmaster.pid
- the certmaster service's PID file. Its presence is taken to indicate that this system is a CA, and that requests should be submitted to a certmaster server running on the local system.
- /etc/certmaster/minion.conf
- the certmaster minion configuration file. If there is no indication that the local system is a certmaster server, then this file is consulted to determine the location of the certmaster server.
KNOWN BUGS¶
Checking for the existence of certmaster's PID file is a terrible way to figure out whether we're a minion or not.
BUGS¶
Please file tickets for any that you find at https://fedorahosted.org/certmonger/
SEE ALSO¶
certmonger(8) getcert(1) getcert-add-ca(1) getcert-add-scep-ca(1) getcert-list-cas(1) getcert-list(1) getcert-modify-ca(1) getcert-refresh-ca(1) getcert-refresh(1) getcert-rekey(1) getcert-remove-ca(1) getcert-resubmit(1) getcert-start-tracking(1) getcert-status(1) getcert-stop-tracking(1) certmonger-dogtag-ipa-renew-agent-submit(8) certmonger-dogtag-submit(8) certmonger-ipa-submit(8) certmonger-local-submit(8) certmonger-scep-submit(8) certmonger_selinux(8)
| June 7, 2010 | certmonger Manual |