getcert-start-tracking man page on RedHat


certmonger(1)							 certmonger(1)

NAME
       getcert

SYNOPSIS
       getcert start-tracking [options]

DESCRIPTION
       Tells certmonger to monitor an already-issued certificate.  Optionally,
       when the certificate nears expiration, certmonger uses the existing key
       pair (or generates one if none is found in the specified location) to
       generate a signing request, and submits the request to a CA for
       signing.

SPECIFYING EXISTING REQUESTS
       -i NAME
	      Modify  the  request which has this nickname.  If this option is
	      not specified, and a tracking entry which matches	 the  key  and
	      certificate  storage options which are specified already exists,
	      that entry will be modified.  Otherwise, a  new  tracking	 entry
	      will be added.

KEY AND CERTIFICATE STORAGE OPTIONS
       -d DIR Use  an NSS database in the specified directory for reading this
	      certificate and, if possible, the corresponding key.

       -n NAME
	      Use the certificate with this nickname.  If a private key with
	      the same nickname, or one which corresponds to the certificate,
	      is available, use it, too.  Only valid with -d.

       -t TOKEN
	      If the NSS database has more than one token available,  use  the
	      token  with  this	 name  for  accessing the certificate and key.
	      This argument only rarely needs to  be  specified.   Only	 valid
	      with -d.

       -f FILE
	      Read  the certificate from this file.  For safety's sake, do not
	      use the same file specified with the -k option.

       -k FILE
	      Use the key stored in this file to generate a signing request
	      for refreshing the certificate.  If no such file is found when
	      needed, generate a new key pair and store it in the file.
	      Only valid with -f.


KEY ENCRYPTION OPTIONS
       -p FILE
	      The  private  key files or databases are encrypted using the PIN
	      stored in the named file as the passphrase.

       -P PIN The private key files or databases are encrypted using the
	      specified PIN as the passphrase.  Because command-line arguments
	      to running processes are trivially discoverable, use of this
	      option is not recommended except for testing.

TRACKING OPTIONS
       -I NAME
	      Assign  the  specified nickname to this task.  If this option is
	      not specified, a name will be assigned automatically.

       -r     Attempt to obtain a new certificate from the CA when the
	      expiration date of a certificate nears.  This is the default
	      setting.

       -R     Don't attempt to obtain a new certificate from the CA when the
	      expiration date of a certificate nears.  If this option is
	      specified, an expired certificate will simply stay expired.

ENROLLMENT OPTIONS
       -c NAME
	      Enroll  with  the	 specified  CA rather than a possible default.
	      The name of the CA should correspond to one  listed  by  getcert
	      list-cas.	 Only useful in combination with -r.

       -T NAME
	      Request  a  certificate  using  the  named profile, template, or
	      certtype, from the specified CA.

SIGNING REQUEST OPTIONS
       If and when certmonger attempts to obtain a new certificate to replace
       the one being monitored, the values to be added to the signing request
       will be taken from the current certificate, unless preferred values are
       set using one or more of -u, -U, -K, -E, and -D.

       -u keyUsage
	      Add an extensionRequest for the specified keyUsage to the
	      signing request.  The keyUsage value is expected to be one of
	      these names:

	      digitalSignature

	      nonRepudiation

	      keyEncipherment

	      dataEncipherment

	      keyAgreement

	      keyCertSign

	      cRLSign

	      encipherOnly

	      decipherOnly

       -U EKU Add  an  extensionRequest	 for the specified extendedKeyUsage to
	      the signing request.  The EKU value is expected to be an	object
	      identifier (OID).

       -K NAME
	      Add an extensionRequest for a subjectAltName, with the specified
	      Kerberos principal name as its value, to the signing request.

       -E EMAIL
	      Add an extensionRequest for a subjectAltName, with the specified
	      email address as its value, to the signing request.

       -D DNSNAME
	      Add an extensionRequest for a subjectAltName, with the specified
	      DNS name as its value, to the signing request.

OTHER OPTIONS
       -B command
	      Whenever the certificate is saved to the specified location,
	      run the specified command as the client user before saving the
	      certificate.

       -C command
	      Whenever the certificate is saved to the specified location,
	      run the specified command as the client user after saving the
	      certificate.

       -v     Be verbose about errors.	Normally,  the	details	 of  an	 error
	      received	from  the  daemon will be suppressed if the client can
	      make a diagnostic suggestion.
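
EXAMPLES
       The following script is an added example, not part of the certmonger
       manual or project.  It tracks a PEM certificate using -p with an
       owner-only PIN file instead of -P, and refuses to proceed if -f and -k
       name the same file.  The paths, the nickname and the DNS name are
       hypothetical, and DRY_RUN is a variable of this script, not of getcert.

```shell
#!/bin/sh
# Added example; paths, nickname and DNS name are hypothetical.

# Store the passphrase read from stdin in a file only the owner can read,
# so it can be passed with -p FILE instead of -P PIN.
write_pin_file() {
    ( umask 077 && cat > "$1" ) || return 1
    chmod 600 "$1"    # tighten a pre-existing file too
}

# Validate the inputs, then run (or, by default, just print) the command.
# Set DRY_RUN=0 to invoke getcert for real.
track_cert() {
    cert=$1; key=$2; pin_file=$3; nick=$4; dns=$5
    # The man page warns against using the same file for -f and -k.
    if [ "$cert" = "$key" ] || [ "$cert" -ef "$key" ] 2>/dev/null; then
        echo "refusing: -f and -k point at the same file" >&2
        return 1
    fi
    # Characters 5-10 of the mode string are the group/other bits.
    if [ "$(ls -ld "$pin_file" 2>/dev/null | cut -c5-10)" != "------" ]; then
        echo "refusing: $pin_file is missing or readable by group/other" >&2
        return 1
    fi
    set -- start-tracking -f "$cert" -k "$key" -p "$pin_file" \
           -I "$nick" -r -D "$dns"
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "getcert $*"
    else
        getcert "$@"
    fi
}

# Constructed demo in a scratch directory (dry run: prints the command only).
demo=$(mktemp -d)
printf '%s' 'constructed-demo-pin' | write_pin_file "$demo/key.pin"
track_cert "$demo/server.crt" "$demo/server.key" "$demo/key.pin" \
           web-server www.example.test
rm -rf "$demo"
```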

BUGS
       Please file tickets for any that you find at
       https://fedorahosted.org/certmonger/

SEE ALSO
       certmonger(8) getcert(1) getcert-list(1) getcert-list-cas(1)
       getcert-request(1) getcert-resubmit(1) getcert-stop-tracking(1)
       certmonger-certmaster-submit(8) certmonger-ipa-submit(8)

certmonger Manual		 14 June 2012			 certmonger(1)