NAME¶

SYNOPSIS¶

DESCRIPTION¶

There is no standard authenticated method for obtaining the root certificate from certmaster CAs, so certmonger does not support retrieving trust information from them.

OPTIONS¶

-h serverHost

Submit the request to the certmaster instance running on the named host. The default is localhost:51235 if a file named /var/run/certmaster.pid is found on the local system, and is read from /etc/certmaster/minion.conf if that file is not found.

-c cafile

Submit the request over HTTPS instead of HTTP, and only trust the server if its certificate was issued by the CA whose certificate is in the named file.

-C capath

Submit the request over HTTPS instead of HTTP, and only trust the server if its certificate was issued by a CA whose certificate is in a file in the named directory.

EXIT STATUS¶

0

if the certificate was issued. The certificate will be printed.

1

if the CA is still thinking. A cookie value will be printed.

2

if the CA rejected the request. An error message may be printed.

3

if the CA was unreachable. An error message may be printed.

4

if critical configuration information is missing. An error message may be printed.

FILES¶

/var/run/certmaster.pid

the certmaster service's PID file. Its presence is taken to indicate that this system is a CA, and that requests should be submitted to a certmaster server running on the local system.

/etc/certmaster/minion.conf

the certmaster minion configuration file. If there is no indication that the local system is a certmaster server, then this file is consulted to determine the location of the certmaster server.

KNOWN BUGS¶

BUGS¶

SEE ALSO¶