certmonger-ipa-submit(8) - Linux man page
Name
ipa-submit
Synopsis
ipa-submit [-h serverHost] [-H serverURL] [-c cafile] [-C capath] [[-K] | [-t keytab] [-k
submitterPrincipal]] [-P principalOfRequest] [csrfile]
Description
ipa-submit is the helper which certmonger uses to make requests to IPA-based CAs.
It is not normally run interactively, but it can be for troubleshooting purposes. The signing request which is to be submitted should either be in a file whose
name is given as an argument, or fed into ipa-submit via stdin.
Options
- -P csrPrincipal
- Identifies the principal name of the service for which the certificate is being issued. This setting is required by IPA and must always be specified.
- -h serverHost
- Submit the request to the IPA server running on the named host. The default is to read the location of the host from /etc/ipa/default.conf.
- -H serverURL
- Submit the request to the IPA server at the specified location. The default is to read the location of the host from /etc/ipa/default.conf.
- -c cafile
- The server's certificate was issued by the CA whose certificate is in the named file. The default value is /etc/ipa/ca.crt.
- -C capath
- Trust the server if its certificate was issued by a CA whose certificate is in a file in the named directory. There is no default for this option, and it
is not expected to be necessary.
- -t keytab
- Authenticate to the IPA server using credentials derived from keys stored in the named keytab. The default value can vary, but it is usually
/etc/krb5.keytab. This option conflicts with the -K option.
- -k authPrincipal
- Authenticate to the IPA server using credentials derived from keys stored in the named keytab for this principal name. The default value is the host
service for the local host in the local realm. This option conflicts with the -K option.
- -K
- Authenticate to the IPA server using credentials derived from the default credential cache rather than a keytab. This option conflicts with the -k
option.
Exit Status
- if the certificate was issued. The certificate will be printed.
- if the CA is still thinking. A cookie value will be printed.
- if the CA rejected the request. An error message may be printed.
- if the CA was unreachable. An error message may be printed.
- if critical configuration information is missing. An error message may be printed.
Files
- /etc/ipa/default.conf
- is the IPA client configuration file. This file is consulted to determine the URL for the IPA server's XML-RPC interface.
Bugs
Please file tickets for any that you find at https://fedorahosted.org/certmonger/
See Also
certmonger(8) getcert(1) getcert-list(1)
getcert-list-cas(1) getcert-resubmit(1) getcert-start-tracking(1) getcert-stop-tracking(1)
certmonger-dogtag-ipa-renew-agent-submit(8) certmonger-certmaster-submit(8)
Referenced By
certmaster-getcert(1),
getcert-request(1),
ipa-getcert(1),
selfsign-getcert(1)