Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
CERTMONGER(8)		    System Manager's Manual		 CERTMONGER(8)

NAME
       local-submit

SYNOPSIS
       local-submit [-d	state-directory] [-v] [csrfile]

DESCRIPTION
       local-submit is the helper which	certmonger uses	to implement its local
       signer.	 It is not normally run	interactively, but it can be for trou-
       bleshooting purposes.  The signing request which	 is  to	 be  submitted
       should  either  be in a file whose name is given	as an argument,	or fed
       into local-submit via stdin.

       The local signer	is currently hard-coded	to generate and	use a 2048-bit
       RSA key and a name and initial serial number based on a UUID, replacing
       that key	and certificate	at roughly the midpoint	of their useful	 life-
       time.

       certmonger  supports retrieving the list	of current and previously-used
       local CA	certificates.  See getcert-request(1) and  getcert-resubmit(1)
       for  information	 about	specifying  where those	certificates should be
       stored.

OPTIONS
       -d DIR, --ca-data-directory=DIR
	      Identifies the directory which contains the local	signer's  pri-
	      vate key,	certificates, and other	data used by the local signer.

       -v, --verbose
	      Increases	the verbosity of the tool's diagnostic logging.

EXIT STATUS
       0      if  the  certificate  was	 issued.  The  new certificate will be
	      printed.

       3      if the helper needs to be	called again.  An error	message	may be
	      printed.

       4      if critical configuration	information is missing.	 An error mes-
	      sage may be printed.

FILES
       creds  is currently a PKCS#12 bundle containing the local signer's cur-
	      rent signing key and current and previously-used signer certifi-
	      cates.  It should	not be modified	except by the local signer.  A
	      new key is currently generated when ever a new  signer  certifi-
	      cate is needed.

       serial currently	 contains the serial number which will be used for the
	      next issued certificate.	It should not be  modified  except  by
	      the local	signer.

BUGS
       Please	file   tickets	for  any  that	you  find  at  https://fedora-
       hosted.org/certmonger/

SEE ALSO
       certmonger(8)   getcert(1)   getcert-add-ca(1)	getcert-add-scep-ca(1)
       getcert-list-cas(1)  getcert-list(1)  getcert-modify-ca(1)  getcert-re-
       fresh-ca(1)  getcert-refresh(1)	getcert-rekey(1)  getcert-remove-ca(1)
       getcert-resubmit(1)     getcert-start-tracking(1)     getcert-status(1)
       getcert-stop-tracking(1)	   certmonger-certmaster-submit(8)    certmon-
       ger-dogtag-ipa-renew-agent-submit(8)  certmonger-dogtag-submit(8) cert-
       monger-ipa-submit(8) certmonger-scep-submit(8) certmonger_selinux(8)

certmonger Manual		 June 7, 2014			 CERTMONGER(8)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=certmonger-local-submit&sektion=8&manpath=FreeBSD+Ports+15.0>

home | help