certmonger-dogtag-ipa-renew-agent-submit man page on RedHat


certmonger(8)							 certmonger(8)

NAME
       dogtag-ipa-renew-agent-submit

SYNOPSIS
       dogtag-ipa-renew-agent-submit -E EE-URL -A AGENT-URL [-d dbdir]
       [-n nickname] [-i cainfo] [-C capath] [-c certfile] [-k keyfile]
       [-p pinfile] [-P pin] [-s serial (hex)] [-D serial (decimal)]
       [-S state] [-T profile] [-v] [csrfile]

DESCRIPTION
       dogtag-ipa-renew-agent-submit is the helper which certmonger uses to
       make certificate renewal requests to Dogtag instances running on IPA
       servers.  It is not normally run interactively, but it can be for
       troubleshooting purposes.

       The preferred option is to request a renewal of an already-issued
       certificate, using its serial number, which can be read from a
       PEM-formatted certificate provided in the CERTMONGER_CERTIFICATE
       environment variable, or via the -s or -D option on the command line.
       If no serial number is provided, then the client will attempt to
       obtain a new certificate by submitting a signing request to the CA.

       The signing request which is to be submitted should either be in a file
       whose name is given as an argument, or fed into dogtag-ipa-renew-agent-
       submit via stdin.

OPTIONS
       -E EE-URL
              The top-level URL for the end-entity interface provided by the
              CA.  In IPA installations, this is typically
              http://SERVER:EEPORT/ca/ee/ca.  If no URL is specified, the host
              named in the [global] section in the /etc/ipa/default.conf file
              is used as the value of SERVER, and the value of EEPORT will be
              inferred based on the value of the dogtag_version in the
              [global] section in the /etc/ipa/default.conf file: if
              dogtag_version is set to 10 or more, EEPORT will be set to 8080.
              Otherwise it will be 9180.

       -A AGENT-URL
              The top-level URL for the agent interface provided by the CA.
              In IPA installations, this is typically
              https://SERVER:AGENTPORT/ca/agent/ca.  If no URL is specified,
              the host named in the [global] section in the
              /etc/ipa/default.conf file is used as the value of SERVER, and
              the value of AGENTPORT will be inferred based on the value of
              the dogtag_version in the [global] section in the
              /etc/ipa/default.conf file: if dogtag_version is set to 10 or
              more, AGENTPORT will be set to 8443.  Otherwise it will be 9443.

       -d dbdir -n nickname -c certfile -k keyfile
              The location of the key and certificate which the client should
              use to authenticate to the CA's agent interface.  Exactly which
              values are meaningful depends on which cryptography library your
              copy of libcurl was linked with.

	      If  none of these options are specified, and none of the -p, -P,
	      -i, nor -C options are specified, then this set of  defaults  is
	      used:
	       -i /etc/ipa/ca.crt
	       -d /etc/httpd/alias
	       -n ipaCert
	       -p /etc/httpd/alias/pwdfile.txt

       -p pinfile
	      The  name	 of a file which contains a PIN/password which will be
	      needed in order to make use of the agent credentials.

	      If this option is not specified, and none of the -d, -n, -c, -k,
	      -P,  -i, nor -C options are specified, then this set of defaults
	      is used:
	       -i /etc/ipa/ca.crt
	       -d /etc/httpd/alias
	       -n ipaCert
	       -p /etc/httpd/alias/pwdfile.txt

       -i cainfo -C capath
              The location of a file containing a copy of the CA's
              certificate, against which the CA server's certificate will be
              verified, or a directory containing, among other things, such a
              file.

	      If  these options are not specified, and none of the -d, -n, -c,
	      -k, -p, nor -P options are specified, then this set of  defaults
	      is used:
	       -i /etc/ipa/ca.crt
	       -d /etc/httpd/alias
	       -n ipaCert
	       -p /etc/httpd/alias/pwdfile.txt

       -s serial
              The serial number of an already-issued certificate for which the
              client should attempt to obtain a new certificate, in
              hexadecimal form, if one cannot be read from the
              CERTMONGER_CERTIFICATE environment variable.

       -D serial
              The serial number of an already-issued certificate for which the
              client should attempt to obtain a new certificate, in decimal
              form, if one cannot be read from the CERTMONGER_CERTIFICATE
              environment variable.

       -S state
	      A	 cookie	 value provided by a previous instance of this helper,
	      if the helper is being asked to continue a multi-step enrollment
	      process.	 If the CERTMONGER_COOKIE environment variable is set,
	      its value is used.

       -T profile/template
	      The name of the type of  certificate  which  the	client	should
	      request from the CA if it is not renewing a certificate (per the
	      -s option above).	 The default value is caServerCert.

       -v     Increases the logging level.  Use twice for more logging.	  This
	      option is mainly useful for troubleshooting.

EXIT STATUS
       0      if the certificate was issued. The certificate will be printed.

       1      if the CA is still thinking.  A cookie value will be printed.

       2      if  the  CA  rejected  the  request.   An	 error	message may be
	      printed.

       3      if the CA was unreachable.  An error message may be printed.

       4      if critical configuration information is missing.  An error
              message may be printed.

       5      if  the CA is still thinking.  A suggested poll delay (specified
	      in seconds) and a cookie value will be printed.

FILES
       /etc/ipa/default.conf
	      is the IPA client configuration file.  This file is consulted to
	      determine	 the  URL for the Dogtag server's end-entity and agent
	      interfaces if they are not supplied as arguments.
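
       An added troubleshooting example, not part of certmonger: it
       reproduces the default -E and -A URL inference described under
       OPTIONS and names the codes listed under EXIT STATUS.  The key name
       "host" and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not certmonger code. Assumption: the [global] key holding
# the server name is "host"; the man page itself names only dogtag_version.

# ipa_conf_get FILE KEY: print KEY's value from the [global] section only.
ipa_conf_get() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_global = ($0 ~ /^[ \t]*\[global\][ \t]*$/); next }
        !in_global || /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# default_urls FILE: print the EE URL, then the agent URL, that would be inferred.
default_urls() {
    host=$(ipa_conf_get "$1" host)
    ver=$(ipa_conf_get "$1" dogtag_version)
    # Returning 4 mirrors the "configuration missing" exit status (assumption).
    [ -n "$host" ] || { echo "no host in [global]" >&2; return 4; }
    case "$ver" in ''|*[!0-9]*) ver=0 ;; esac  # unset or non-numeric: older ports
    if [ "$ver" -ge 10 ]; then ee=8080 agent=8443; else ee=9180 agent=9443; fi
    echo "http://$host:$ee/ca/ee/ca"
    echo "https://$host:$agent/ca/agent/ca"
}

# explain_status CODE: the helper's exit status, as documented under EXIT STATUS.
explain_status() {
    case "$1" in
        0) echo "issued: certificate printed" ;;
        1) echo "pending: cookie printed" ;;
        2) echo "rejected by CA" ;;
        3) echo "CA unreachable" ;;
        4) echo "configuration missing" ;;
        5) echo "pending: poll delay and cookie printed" ;;
        *) echo "undocumented status" ;;
    esac
}

# Constructed sample configuration (not taken from a real server).
demo() {
    conf=$(mktemp)
    printf '[global]\nhost = ipa.example.test\ndogtag_version = 10\n' > "$conf"
    default_urls "$conf"; rm -f "$conf"
}
demo
```

       Comparing this output with the -E and -A values actually passed to
       the helper shows whether a request is using the configured IPA server
       or an explicit override.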

BUGS
       Please file tickets for any that you find at
       https://fedorahosted.org/certmonger/

SEE ALSO
       certmonger(8) getcert(1) getcert-list(1) getcert-list-cas(1)
       getcert-resubmit(1) getcert-start-tracking(1) getcert-stop-tracking(1)
       certmonger-certmaster-submit(8) certmonger-ipa-submit(8)

certmonger Manual		 26 June 2012			 certmonger(8)
Copyright (c) for man pages and the logo by the respective OS vendor.
