certmonger-certmaster-submit(8) - Linux man page

Name

certmaster-submit

Synopsis

certmaster-submit [-h serverHost] [-c cafile] [-C capath] [csrfile]

Description

certmaster-submit is the helper which certmonger uses to make requests to certmaster-based CAs. It is not normally run interactively, but it can be for troubleshooting purposes. The signing request which is to be submitted should either be in a file whose name is given as an argument, or fed into certmaster-submit via stdin.

Options

-h serverHost
Submit the request to the certmaster instance running on the named host. The default is localhost:51235 if a file named /var/run/certmaster.pid is found on the local system, and is read from /etc/certmaster/minion.conf if that file is not found.
-c cafile
Submit the request over HTTPS instead of HTTP, and only trust the server if its certificate was issued by the CA whose certificate is in the named file.
-C capath
Submit the request over HTTPS instead of HTTP, and only trust the server if its certificate was issued by a CA whose certificate is in a file in the named directory.

Exit Status

  1. if the certificate was issued. The certificate will be printed.
  2. if the CA is still thinking. A cookie value will be printed.
  3. if the CA rejected the request. An error message may be printed.
  4. if the CA was unreachable. An error message may be printed.
  5. if critical configuration information is missing. An error message may be printed.

Files

/var/run/certmaster.pid
the certmaster service's PID file. Its presence is taken to indicate that this system is a CA, and that requests should be submitted to a certmaster server running on the local system.
/etc/certmaster/minion.conf
the certmaster minion configuration file. If there is no indication that the local system is a certmaster server, then this file is consulted to determine the location of the certmaster server.

Known Bugs

Checking for the existence of certmaster's PID file is a terrible way to figure out whether we're a minion or not.

Bugs

Please file tickets for any that you find at https://fedorahosted.org/certmonger/

See Also

certmonger(8) getcert(1) getcert-list(1) getcert-list-cas(1) getcert-resubmit(1) getcert-start-tracking(1) getcert-stop-tracking(1) certmonger-dogtag-ipa-renew-agent-submit(8) certmonger-ipa-submit(8)

Referenced By

certmaster-getcert(1), getcert-request(1), ipa-getcert(1), selfsign-getcert(1)