Site Navigation

FreeBSD Manual Pages

   man apropos
 
   All Sections 1 - General Commands 2 - System Calls 3 - Subroutines 4 - Special Files 5 - File Formats 6 - Games 7 - Macros and Conventions 8 - Maintenance Commands 9 - Kernel Interface n - New Commands FreeBSD 16.0-CURRENT FreeBSD 15.0-RELEASE FreeBSD 15.0-RELEASE and Ports FreeBSD 15.0-STABLE FreeBSD 14.3-RELEASE FreeBSD 14.3-RELEASE and Ports FreeBSD 14.3-STABLE FreeBSD 14.2-RELEASE FreeBSD 14.2-RELEASE and Ports FreeBSD 14.1-RELEASE FreeBSD 14.1-RELEASE and Ports FreeBSD 14.0-RELEASE FreeBSD 14.0-RELEASE and Ports FreeBSD 13.5-RELEASE FreeBSD 13.5-RELEASE and Ports FreeBSD 13.5-STABLE FreeBSD 13.4-RELEASE FreeBSD 13.4-RELEASE and Ports FreeBSD 13.3-RELEASE FreeBSD 13.3-RELEASE and Ports FreeBSD 13.2-RELEASE FreeBSD 13.2-RELEASE and Ports FreeBSD 13.1-RELEASE FreeBSD 13.1-RELEASE and Ports FreeBSD 13.0-RELEASE FreeBSD 13.0-RELEASE and Ports FreeBSD 12.4-RELEASE FreeBSD 12.4-RELEASE and Ports FreeBSD 12.3-RELEASE FreeBSD 12.3-RELEASE and Ports FreeBSD 12.2-RELEASE FreeBSD 12.2-RELEASE and Ports FreeBSD 12.1-RELEASE FreeBSD 12.1-RELEASE and Ports FreeBSD 12.0-RELEASE FreeBSD 12.0-RELEASE and Ports FreeBSD 11.4-RELEASE FreeBSD 11.4-RELEASE and Ports FreeBSD 11.3-RELEASE FreeBSD 11.3-RELEASE and Ports FreeBSD 11.2-RELEASE FreeBSD 11.2-RELEASE and Ports FreeBSD 11.1-RELEASE FreeBSD 11.1-RELEASE and Ports FreeBSD 11.0-RELEASE FreeBSD 11.0-RELEASE and Ports FreeBSD 10.4-RELEASE FreeBSD 10.4-RELEASE and Ports FreeBSD 10.3-RELEASE FreeBSD 10.3-RELEASE and Ports FreeBSD 10.2-RELEASE FreeBSD 10.2-RELEASE and Ports FreeBSD 10.1-RELEASE FreeBSD 10.1-RELEASE and Ports FreeBSD 10.0-RELEASE FreeBSD 10.0-RELEASE and Ports FreeBSD 9.3-RELEASE FreeBSD 9.3-RELEASE and Ports FreeBSD 9.2-RELEASE FreeBSD 9.2-RELEASE and Ports FreeBSD 9.1-RELEASE FreeBSD 9.1-RELEASE and Ports FreeBSD 9.0-RELEASE FreeBSD 9.0-RELEASE and Ports FreeBSD 8.4-RELEASE FreeBSD 8.4-RELEASE and Ports FreeBSD 8.3-RELEASE FreeBSD 8.3-RELEASE and Ports FreeBSD 8.2-RELEASE FreeBSD 8.2-RELEASE and Ports FreeBSD 8.1-RELEASE FreeBSD 8.1-RELEASE and Ports FreeBSD 8.0-RELEASE FreeBSD 8.0-RELEASE and Ports FreeBSD 7.4-RELEASE FreeBSD 7.4-RELEASE and Ports FreeBSD 7.3-RELEASE FreeBSD 7.3-RELEASE and Ports FreeBSD 7.2-RELEASE FreeBSD 7.2-RELEASE and Ports FreeBSD 7.1-RELEASE FreeBSD 7.1-RELEASE and Ports FreeBSD 7.0-RELEASE FreeBSD 6.4-RELEASE FreeBSD 6.4-RELEASE and Ports FreeBSD 6.3-RELEASE FreeBSD 6.3-RELEASE and Ports FreeBSD 6.2-RELEASE FreeBSD 6.1-RELEASE FreeBSD 6.0-RELEASE FreeBSD 6.0-RELEASE and Ports FreeBSD 5.5-RELEASE FreeBSD 5.5-RELEASE and Ports FreeBSD 5.4-RELEASE FreeBSD 5.4-RELEASE and Ports FreeBSD 5.3-RELEASE FreeBSD 5.3-RELEASE and Ports FreeBSD 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE and Ports FreeBSD 5.2-RELEASE FreeBSD 5.2-RELEASE and Ports FreeBSD 5.1-RELEASE FreeBSD 5.0-RELEASE FreeBSD 4.11-RELEASE FreeBSD 4.11-RELEASE and Ports FreeBSD 4.10-RELEASE FreeBSD 4.10-RELEASE and Ports FreeBSD 4.9-RELEASE FreeBSD 4.9-RELEASE and Ports FreeBSD 4.8-RELEASE FreeBSD 4.8-RELEASE and Ports FreeBSD 4.7-RELEASE FreeBSD 4.6.2-RELEASE FreeBSD 4.6.2-RELEASE and Ports FreeBSD 4.6-RELEASE FreeBSD 4.6-RELEASE and Ports FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE and Ports FreeBSD 4.4-RELEASE FreeBSD 4.3-RELEASE FreeBSD 4.3-RELEASE and Ports FreeBSD 4.2-RELEASE FreeBSD 4.2-RELEASE and Ports FreeBSD 4.1.1-RELEASE FreeBSD 4.1.1-RELEASE and Ports FreeBSD 4.1-RELEASE FreeBSD 4.0-RELEASE FreeBSD 3.5.1-RELEASE FreeBSD 3.5.1-RELEASE and Ports FreeBSD 3.5-RELEASE and Ports FreeBSD 3.4-RELEASE FreeBSD 3.4-RELEASE and Ports FreeBSD 3.3-RELEASE FreeBSD 3.2-RELEASE FreeBSD 3.1-RELEASE FreeBSD 3.0-RELEASE FreeBSD 2.2.8-RELEASE FreeBSD 2.2.8-RELEASE and Ports FreeBSD 2.2.7-RELEASE FreeBSD 2.2.6-RELEASE FreeBSD 2.2.5-RELEASE FreeBSD 2.2.2-RELEASE FreeBSD 2.2.1-RELEASE FreeBSD 2.1.7.1-RELEASE FreeBSD 2.1.6.1-RELEASE FreeBSD 2.1.5-RELEASE FreeBSD 2.1.0-RELEASE FreeBSD 2.0.5-RELEASE FreeBSD 2.0-RELEASE FreeBSD 1.1.5.1-RELEASE FreeBSD 1.1-RELEASE FreeBSD 1.0-RELEASE FreeBSD Ports 15.0 FreeBSD Ports 14.3 FreeBSD Ports 14.3.quarterly FreeBSD Ports 14.2 FreeBSD Ports 14.1 FreeBSD Ports 14.0 FreeBSD Ports 13.5 FreeBSD Ports 13.4 FreeBSD Ports 13.3 FreeBSD Ports 13.2 FreeBSD Ports 13.1 FreeBSD Ports 13.0 FreeBSD Ports 12.4 FreeBSD Ports 12.3 FreeBSD Ports 12.2 FreeBSD Ports 12.1 FreeBSD Ports 12.0 FreeBSD Ports 11.4 FreeBSD Ports 11.3 FreeBSD Ports 11.2 FreeBSD Ports 11.1 FreeBSD Ports 11.0 FreeBSD Ports 10.4 FreeBSD Ports 10.3 FreeBSD Ports 10.2 FreeBSD Ports 10.1 FreeBSD Ports 10.0 FreeBSD Ports 9.3 FreeBSD Ports 9.2 FreeBSD Ports 9.1 FreeBSD Ports 9.0 FreeBSD Ports 8.4 FreeBSD Ports 8.3 FreeBSD Ports 8.2 FreeBSD Ports 8.1 FreeBSD Ports 8.0 FreeBSD Ports 7.4 FreeBSD Ports 7.3 FreeBSD Ports 7.2 FreeBSD Ports 7.1 FreeBSD Ports 7.0 FreeBSD Ports 6.4 FreeBSD Ports 6.3 FreeBSD Ports 6.2 FreeBSD Ports 6.0 FreeBSD Ports 5.5 FreeBSD Ports 5.4 FreeBSD Ports 5.3 FreeBSD Ports 5.2.1 FreeBSD Ports 5.2 FreeBSD Ports 5.1 FreeBSD Ports 4.11 FreeBSD Ports 4.10 FreeBSD Ports 4.9 FreeBSD Ports 4.8 FreeBSD Ports 4.7 FreeBSD Ports 4.6.2 FreeBSD Ports 4.6 FreeBSD Ports 4.5 FreeBSD Ports 4.3 FreeBSD Ports 4.2 FreeBSD Ports 4.1.1 FreeBSD Ports 3.5.1 FreeBSD Ports 3.5 FreeBSD Ports 3.4 FreeBSD Ports 2.2.8 4.4BSD Lite2 4.3BSD NET/2 4.3BSD Reno 2.11 BSD 2.10 BSD 2.9.1 BSD 2.8 BSD 386BSD 0.1 386BSD 0.0 CentOS 7.9 CentOS 7.8 CentOS 7.7 CentOS 7.6 CentOS 7.5 CentOS 7.4 CentOS 7.3 CentOS 7.2 CentOS 7.1 CentOS 7.0 CentOS 6.10 CentOS 6.9 CentOS 6.8 CentOS 6.7 CentOS 6.6 CentOS 6.5 CentOS 6.4 CentOS 6.3 CentOS 6.2 CentOS 6.1 CentOS 6.0 CentOS 5.11 CentOS 5.10 CentOS 5.9 CentOS 5.8 CentOS 5.7 CentOS 5.6 CentOS 5.5 CentOS 5.4 CentOS 4.8 CentOS 3.9 Darwin 8.0.1/ppc Darwin 7.0.1 Darwin 6.0.2/x86 Darwin 1.4.1/x86 Darwin 1.3.1/x86 Debian 14.0 unstable Debian 13.1.0 Debian 12.12.0 Debian 11.11.0 Debian 10.13.0 Debian 9.13.0 Debian 8.11.1 Debian 7.11.0 Debian 6.0.10 Debian 5.0.10 Debian 4.0.9 Debian 3.1.8 Debian 2.2.7 Debian 2.0.0 Dell UNIX SVR4 2.2 DragonFly 6.4.0 DragonFly 5.8.3 DragonFly 4.8.1 DragonFly 3.8.2 DragonFly 2.10.1 DragonFly 1.12.1 DragonFly 1.0A HP-UX 11.22 HP-UX 11.20 HP-UX 11.11 HP-UX 11.00 HP-UX 10.20 HP-UX 10.10 HP-UX 10.01 HP-UX 9.07 HP-UX 8.07 Inferno 4th Edition IRIX 6.5.30 Linux Slackware 3.1 MACH 2.5/i386 macOS 26.0 macOS 15.7 macOS 14.8 macOS 13.6.5 macOS 12.7.3 macOS 11.1 macOS 10.15.7 macOS 10.13.6 macOS 10.12.0 Minix 3.3.0 Minix 3.2.1 Minix 3.2.0 Minix 3.1.7 Minix 3.1.6 Minix 3.1.5 Minix 2.0.0 NetBSD 10.1 NetBSD 10.0 NetBSD 9.4 NetBSD 9.3 NetBSD 9.2 NetBSD 9.1 NetBSD 9.0 NetBSD 8.3 NetBSD 8.2 NetBSD 8.1 NetBSD 8.0 NetBSD 7.2 NetBSD 7.1.2 NetBSD 7.1 NetBSD 7.0 NetBSD 6.1.5 NetBSD 6.0 NetBSD 5.2.3 NetBSD 5.2 NetBSD 5.1 NetBSD 5.0 NetBSD 4.0.1 NetBSD 4.0 NetBSD 3.1 NetBSD 3.0 NetBSD 2.1 NetBSD 2.0.2 NetBSD 2.0 NetBSD 1.6.2 NetBSD 1.6.1 NetBSD 1.6 NetBSD 1.5.3 NetBSD 1.5.2 NetBSD 1.5.1 NetBSD 1.5 NetBSD 1.4.3 NetBSD 1.4.2 NetBSD 1.4.1 NetBSD 1.4 NetBSD 1.3.3 NetBSD 1.3.2 NetBSD 1.3.1 NetBSD 1.3 NetBSD 1.2.1 NetBSD 1.2 NetBSD 1.1 NetBSD 1.0 NeXTSTEP 3.3 OpenBSD 7.8 OpenBSD 7.7 OpenBSD 7.6 OpenBSD 7.5 OpenBSD 7.4 OpenBSD 7.3 OpenBSD 7.2 OpenBSD 7.1 OpenBSD 7.0 OpenBSD 6.9 OpenBSD 6.8 OpenBSD 6.7 OpenBSD 6.6 OpenBSD 6.5 OpenBSD 6.4 OpenBSD 6.3 OpenBSD 6.2 OpenBSD 6.1 OpenBSD 6.0 OpenBSD 5.9 OpenBSD 5.8 OpenBSD 5.7 OpenBSD 5.6 OpenBSD 5.5 OpenBSD 5.4 OpenBSD 5.3 OpenBSD 5.2 OpenBSD 5.1 OpenBSD 5.0 OpenBSD 4.9 OpenBSD 4.8 OpenBSD 4.7 OpenBSD 4.6 OpenBSD 4.5 OpenBSD 4.4 OpenBSD 4.3 OpenBSD 4.2 OpenBSD 4.1 OpenBSD 4.0 OpenBSD 3.9 OpenBSD 3.8 OpenBSD 3.7 OpenBSD 3.6 OpenBSD 3.5 OpenBSD 3.4 OpenBSD 3.3 OpenBSD 3.2 OpenBSD 3.1 OpenBSD 3.0 OpenBSD 2.9 OpenBSD 2.8 OpenBSD 2.7 OpenBSD 2.6 OpenBSD 2.5 OpenBSD 2.4 OpenBSD 2.3 OpenBSD 2.2 OpenBSD 2.1 OpenBSD 2.0 OpenDarwin 7.2.1 OpenDarwin 6.6.2/x86 OpenDarwin 6.6.1/x86 OpenDarwin 20030208pre4/ppc OpenIndiana 2024.10 OpenIndiana 2022.10 OpenIndiana 2020.10 OpenIndiana 2017.10 OpenIndiana 2015.10 OpenIndiana 2013.08 OpenSolaris 2010.03 OpenSolaris 2009.06 OpenStep 4.2 openSUSE 42.3 openSUSE 42.2 openSUSE 42.1 openSUSE 16.0 openSUSE 15.6 openSUSE 15.5 openSUSE 15.4 openSUSE 15.3 openSUSE 15.2 openSUSE 15.1 openSUSE 15.0 openSUSE 13.2 openSUSE 13.1 openSUSE 11.4 openSUSE 11.3 openSUSE 11.2 openSUSE 10.3 openSUSE 10.2 OSF1 V5.1/alpha OSF1 V4.0/alpha OSF1 V1.0/mips Plan 9 Red Hat 9.0 Red Hat 8.0 Red Hat 7.3 Red Hat 7.2 Red Hat 7.1 Red Hat 7.0 Red Hat 6.2 Red Hat 6.1 Red Hat 5.2 Red Hat 5.0 Red Hat 4.2 Rhapsody DR1 Rhapsody DR2 Rocky 10.0 Rocky 9.6 Rocky 9.5 Rocky 9.4 Rocky 9.3 Rocky 9.2 Rocky 9.1 Rocky 9.0 Rocky 8.10 Rocky 8.9 Rocky 8.8 Rocky 8.7 Rocky 8.6 Rocky 8.5 Rocky 8.4 Rocky 8.3 Sun UNIX 0.4 SunOS 5.10 SunOS 5.9 SunOS 5.8 SunOS 5.7 SunOS 5.6 SunOS 5.5.1 SunOS 4.1.3 SuSE 11.3 SuSE 11.2 SuSE 11.1 SuSE 11.0 SuSE 10.3 SuSE 10.2 SuSE 10.1 SuSE 10.0 SuSE 9.3 SuSE 9.2 SuSE 8.2 SuSE 8.1 SuSE 8.0 SuSE 7.3 SuSE 7.2 SuSE 7.1 SuSE 7.0 SuSE 6.4 SuSE 6.3 SuSE 6.1 SuSE 6.0 SuSE 5.3 SuSE 5.2 SuSE 5.0 SuSE 4.3 SuSE ES 10 SP1 Ubuntu 24.04 noble Ubuntu 23.10 mantic Ubuntu 22.04 jammy Ubuntu 20.04 focal Ubuntu 18.04 bionic Ubuntu 16.04 xenial Ubuntu 14.04 trusty ULTRIX 4.2 Ultrix-32 2.0/VAX Unix Seventh Edition X11R7.4 X11R7.3.2 X11R7.2 X11R6.9.0 X11R6.8.2 X11R6.7.0 XFree86 4.8.0 XFree86 4.7.0 XFree86 4.6.0 XFree86 4.5.0 XFree86 4.4.0 XFree86 4.3.0 XFree86 4.2.99.3 XFree86 4.2.0 XFree86 4.1.0 XFree86 4.0.2 XFree86 4.0.1 XFree86 4.0 XFree86 3.3.6 XFree86 3.3 XFree86 2.1 All Architectures html pdf ascii

home | help

---

CERTMONGER(1)		    General Commands Manual		 CERTMONGER(1)

NAME
       getcert

SYNOPSIS
       getcert request [options]

DESCRIPTION
       Tells certmonger	to use an existing key pair (or	to generate one	if one
       is  not already found in	the specified location), to generate a signing
       request using the key pair, and to submit them for signing to a CA.

KEY AND	CERTIFICATE STORAGE OPTIONS
       -d DIR, --dbdir=DIR
	      Use an NSS database in the specified directory for storing  this
	      certificate and key.

       -n NAME,	--nickname=NAME
	      Use  the key with	this nickname to generate the signing request.
	      If no such key is	found, generate	one.  Give the	enrolled  cer-
	      tificate this nickname, too.  Only valid with -d.

       -t TOKEN, --token=TOKEN
	      If  the  NSS database has	more than one token available, use the
	      token with this name for storing and accessing  the  certificate
	      and key.	This argument only rarely needs	to be specified.  Only
	      valid with -d.

       -f FILE,	--certfile=FILE
	      Store  the  issued certificate in	this file.  For	safety's sake,
	      do not use the same file specified with the -k option.

       -k FILE,	--keyfile=FILE
	      Use the key stored in this file to generate the signing request.
	      If no such file is found,	generate a new key pair	and store them
	      in the file.  Only valid with -f.

KEY ENCRYPTION OPTIONS
       -p FILE,	--pinfile=FILE
	      Encrypt private key files	or databases using the PIN  stored  in
	      the named	file as	the passphrase.

       -P PIN, --pin=PIN
	      Encrypt  private	key files or databases using the specified PIN
	      as the passphrase.  Because command-line	arguments  to  running
	      processes	 are trivially discoverable, use of this option	is not
	      recommended except for testing.

KEY GENERATION OPTIONS
       -G TYPE,	--key-type=TYPE
	      In case a	new key	pair needs to be generated, this option	speci-
	      fies the type of the keys	to be generated.  If not specified,  a
	      reasonable default (currently RSA) will be used.

       -g BITS,	--key-size=BITS
	      In case a	new key	pair needs to be generated, this option	speci-
	      fies  the	 size  of the key.  If not specified, a	reasonable de-
	      fault (currently 2048 bits) will be used.	See certmonger.conf(5)
	      for configuration	of the default.

TRACKING OPTIONS
       -r, --renew
	      Attempt to obtain	a new certificate from the CA when the expira-
	      tion date	of a certificate nears.	 This is the default setting.

       -R, --no-renew
	      Don't attempt to obtain a	new certificate	from the CA  when  the
	      expiration date of a certificate nears.  If this option is spec-
	      ified, an	expired	certificate will simply	stay expired.

       -I NAME,	--id=NAME
	      Assign  the  specified nickname to this task.  If	this option is
	      not specified, a name will be assigned automatically.

ENROLLMENT OPTIONS
       -c NAME,	--ca=NAME
	      Enroll with the specified	CA rather  than	 a  possible  default.
	      The  name	 of  the CA should correspond to one listed by getcert
	      list-cas.

       -T NAME,	--profile=NAME
	      Request a	certificate using  the	named  profile,	 template,  or
	      certtype,	from the specified CA.

       --ms-template-spec SPEC
	      Include  a  V2 Certificate Template extension in the signing re-
	      quest.  This datum includes an Object Identifier,	a  major  ver-
	      sion  number  (positive  integer)	 and an	optional minor version
	      number.  The format is: <oid>:<majorVersion>[:<minorVersion>].

       -X NAME,	--issuer=NAME
	      Request a	certificate using the named issuer from	the  specified
	      CA.

SIGNING	REQUEST	OPTIONS
       If  none	 of  -N,  -U, -K, -E, and -D are specified, a default group of
       settings	will be	used to	request	an SSL server certificate for the cur-
       rent host, with the host	Kerberos service as an additional name.

       The options -K, -E, -D and -A may be provided  multiple	times  to  set
       multiple	subjectAltName of the same type.

       -N NAME,	, --subject-name=NAME
	      Set the subject name to include in the signing request.  The de-
	      fault used is CN=hostname, where hostname	is the local hostname.

       -u keyUsage, --key-usage=keyUsage
	      Add  an extensionRequest for the specified keyUsage to the sign-
	      ing request.  The	keyUsage value is expected to be one of	 these
	      names:

	      digitalSignature

	      nonRepudiation

	      keyEncipherment

	      dataEncipherment

	      keyAgreement

	      keyCertSign

	      cRLSign

	      encipherOnly

	      decipherOnly

       -U EKU, --extended-key-usage=EKU
	      Add  an  extensionRequest	 for the specified extendedKeyUsage to
	      the signing request.  The	EKU value is expected to be an	object
	      identifier  (OID),  but some specific names are also recognized.
	      These are	some names and their associated	OID values:

	      id-kp-serverAuth 1.3.6.1.5.5.7.3.1

	      id-kp-clientAuth 1.3.6.1.5.5.7.3.2

	      id-kp-codeSigning	1.3.6.1.5.5.7.3.3

	      id-kp-emailProtection 1.3.6.1.5.5.7.3.4

	      id-kp-timeStamping 1.3.6.1.5.5.7.3.8

	      id-kp-OCSPSigning	1.3.6.1.5.5.7.3.9

	      id-pkinit-KPClientAuth 1.3.6.1.5.2.3.4

	      id-pkinit-KPKdc 1.3.6.1.5.2.3.5

	      id-ms-kp-sc-logon	1.3.6.1.4.1.311.20.2.2

       -K NAME,	--principal=NAME
	      Add an extensionRequest for a subjectAltName, with the specified
	      Kerberos principal name as its value, to the signing request.

       -E EMAIL, --email=EMAIL
	      Add an extensionRequest for a subjectAltName, with the specified
	      email address as its value, to the signing request.

       -D DNSNAME, --dns=DNSNAME
	      Add an extensionRequest for a subjectAltName, with the specified
	      DNS name as its value, to	the signing request.

       -A ADDRESS, --ip-address=ADDRESS
	      Add an extensionRequest for a subjectAltName, with the specified
	      IP address as its	value, to the signing request.

       -l FILE,	--challenge-password-file=FILE
	      Add an optional ChallengePassword	value, read from the file,  to
	      the signing request.  A ChallengePassword	is often required when
	      the CA is	accessed using SCEP.

       -L PIN, --challenge-password=PIN
	      Add  the	argument  value	 to  the  signing  request  as a Chal-
	      lengePassword attribute.	A ChallengePassword is often  required
	      when the CA is accessed using SCEP.

OTHER OPTIONS
       -B COMMAND, --before-command=COMMAND
	      When  ever the certificate or the	CA's certificates are saved to
	      the specified locations, run the specified command as the	client
	      user before saving the certificates.

       -C COMMAND, --after-command=COMMAND
	      When ever	the certificate	or the CA's certificates are saved  to
	      the specified locations, run the specified command as the	client
	      user after saving	the certificates.

       -a DIR, --ca-dbdir=DIR
	      When ever	the certificate	is saved to the	specified location, if
	      root  certificates  for  the  CA are available, save them	to the
	      specified	NSS database.

       -F FILE,	--ca-file=FILE
	      When ever	the certificate	is saved to the	specified location, if
	      root certificates	for the	CA are available, and when  the	 local
	      copies  of  the CA's root	certificates are updated, save them to
	      the specified file.

       --for-ca
	      Request a	CA certificate.

       --not-for-ca
	      Request a	non-CA certificate (the	default).

       --ca-path-length=LENGTH
	      Path length for CA certificate. Only valid with --for-ca.

       -w, --wait
	      Wait for the certificate to be issued and	saved, or for the  at-
	      tempt to obtain one to fail.

       --wait-timeout=TIMEOUT
	      Maximum time to wait for the certificate to be issued.

       -v, --verbose
	      Be  verbose about	errors.	 Normally, the details of an error re-
	      ceived from the daemon will be suppressed	if the client can make
	      a	diagnostic suggestion.

       -o OWNER, --key-owner=OWNER
	      After generation set the owner on	the private key	file or	 data-
	      base to OWNER.

       -m MODE,	--key-perms=MODE
	      After  generation	 set  the  file	permissions on the private key
	      file or database to MODE.

       -O OWNER, --cert-owner=OWNER
	      After generation set the owner on	the certificate	file or	 data-
	      base to OWNER.

       -M MODE,	--cert-perms=MODE
	      After  generation	 set  the  file	permissions on the certificate
	      file or database to MODE.

BUS OPTIONS
       -s, --session Connect to	certmonger on the session bus rather than  the
       system bus.

       -S, --system
	      Connect  to certmonger on	the system bus rather than the session
	      bus.  This is the	default.

NOTES
       Locations specified for key and certificate storage need	to be accessi-
       ble to the certmonger daemon process.  When run as a system daemon on a
       system which uses a mandatory access control mechanism such as SELinux,
       the system policy must ensure that the daemon is	allowed	to access  the
       locations  where	 certificates  and  keys  that	it will	manage will be
       stored (these locations are typically labeled as	cert_t or  an  equiva-
       lent).	 More	SELinux-specific  information  can  be	found  in  the
       selinux.txt documentation file for this package.

BUGS
       Please  file  tickets  for  any	that  you  find	  at   https://fedora-
       hosted.org/certmonger/

SEE ALSO
       certmonger(8)   getcert(1)   getcert-add-ca(1)	getcert-add-scep-ca(1)
       getcert-list-cas(1)  getcert-list(1)  getcert-modify-ca(1)  getcert-re-
       fresh-ca(1)  getcert-refresh(1)	getcert-rekey(1)  getcert-remove-ca(1)
       getcert-resubmit(1)     getcert-start-tracking(1)     getcert-status(1)
       getcert-stop-tracking(1)	   certmonger-certmaster-submit(8)    certmon-
       ger-dogtag-ipa-renew-agent-submit(8) certmonger-dogtag-submit(8)	 cert-
       monger-ipa-submit(8)   certmonger-local-submit(8)  certmonger-scep-sub-
       mit(8) certmonger_selinux(8)

certmonger Manual	       February	9, 2015			 CERTMONGER(1)

---

NAME | SYNOPSIS | DESCRIPTION | KEY AND CERTIFICATE STORAGE OPTIONS | KEY ENCRYPTION OPTIONS | KEY GENERATION OPTIONS | TRACKING OPTIONS | ENROLLMENT OPTIONS | SIGNING REQUEST OPTIONS | OTHER OPTIONS | BUS OPTIONS | NOTES | BUGS | SEE ALSO

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=getcert-request&sektion=1&manpath=FreeBSD+Ports+15.0>

home | help

---

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact