certmonger.conf(5) [centos man page]

certmonger.conf(5)						File Formats Manual						certmonger.conf(5)

NAME
       certmonger.conf - configuration file for certmonger

DESCRIPTION
       The certmonger.conf file contains default settings used by certmonger. Its format is more or less that of a typical INI-style file. The only sections currently of note are named defaults and selfsign.

DEFAULTS
       Within the defaults section, these variables and values are recognized:

       notify_ttls
              This is the list of times, given in seconds, before a certificate's not-after validity date (often referred to as its expiration time) when certmonger should warn that the certificate will soon no longer be valid. If this value is not specified, certmonger will attempt to use the value of the ttls setting. The default list of values is "2419200, 604800, 259200, 172800, 86400".

       enroll_ttls
              This is the list of times, given in seconds, before a certificate's not-after validity date (often referred to as its expiration time) when certmonger should attempt to automatically renew the certificate, if it is configured to do so. If this value is not specified, certmonger will attempt to use the value of the ttls setting. The default list of values is "2419200, 604800, 259200, 172800, 86400".

       notification_method
              This is the method by which certmonger will notify the system administrator that a certificate will soon become invalid. The recognized values are syslog, mail, and command. The default is syslog. When sending mail, the notification message will be the mail message subject. When invoking a command, the notification message will be available in the "CERTMONGER_NOTIFICATION" environment variable.

       notification_destination
              This is the destination to which certmonger will send notifications. It can be a syslog priority and/or facility, separated by a period, it can be an email address, or it can be a command to run. The default value is daemon.notice.

       symmetric_cipher
              This is the symmetric cipher which will be used to encrypt private keys stored in OpenSSL's PEM format. Recognized values include aes128 and aes256. The default is aes128. It is not recommended that this value be changed except in cases where the default is incompatible with other software.

       digest
              This is the digest algorithm which will be used when signing certificate signing requests and self-signed certificates. Recognized values include sha1, sha256, sha384, and sha512. The default is sha256. It is not recommended that this value be changed except in cases where the default is incompatible with other software.

SELFSIGN
       Within the selfsign section, these variables and values are recognized:

       validity_period
              This is the validity period given to self-signed certificates. The value is specified as a combination of years (y), months (M), weeks (w), days (d), hours (h), minutes (m), and/or seconds (s). If no unit of time is specified, seconds are assumed. The default value is 1y.

       populate_unique_id
              This controls whether or not self-signed certificates will have their subjectUniqueID and issuerUniqueID fields populated. While RFC5280 prohibits their use, they may be needed and/or used by older applications. The default value is no.

BUGS
       Please file tickets for any that you find at https://fedorahosted.org/certmonger/

SEE ALSO
       certmonger(8) certmonger_selinux(8)

certmonger Manual					19 April 2012					certmonger.conf(5)
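
Added example (not part of the man page or of certmonger itself): a small Python check that reads a certmonger.conf-style file, resolves the notify_ttls/enroll_ttls fallback to ttls and then to the documented default, splits validity_period into its units, and flags digest = sha1 and populate_unique_id = yes. The sample file is constructed; the function names, the comma-separated list syntax, and "yes" as the enabling value are assumptions based on the defaults quoted above.

```python
import configparser
import re

UNITS = {"y": "years", "M": "months", "w": "weeks", "d": "days",
         "h": "hours", "m": "minutes", "s": "seconds"}
DEFAULT_TTLS = "2419200, 604800, 259200, 172800, 86400"  # default from the man page
PERIOD_PART = re.compile(r"(\d+)([yMwdhms]?)")  # case matters: M=months, m=minutes

# Constructed sample input, not taken from any real system.
SAMPLE = """\
[defaults]
ttls = 1209600, 86400
enroll_ttls = 604800
digest = sha1

[selfsign]
validity_period = 1y6M
populate_unique_id = yes
"""

def ttl_days(text):
    """Turn a list of seconds-before-expiry into days, earliest warning first."""
    secs = [int(t) for t in re.split(r"[,\s]+", text.strip()) if t]
    return [s / 86400 for s in sorted(secs, reverse=True)]

def parse_validity_period(text):
    """Split e.g. '1y6M' into [(1, 'years'), (6, 'months')]; a bare number is seconds."""
    text, parts, pos = text.strip(), [], 0
    while pos < len(text):
        m = PERIOD_PART.match(text, pos)
        if not m:
            raise ValueError(f"bad validity_period at offset {pos}: {text!r}")
        parts.append((int(m.group(1)), UNITS[m.group(2) or "s"]))
        pos = m.end()
    if not parts:
        raise ValueError("empty validity_period")
    return parts

def audit(conf_text):
    """Return effective warning/renewal windows, validity parts and findings."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    d = dict(cp["defaults"]) if cp.has_section("defaults") else {}
    s = dict(cp["selfsign"]) if cp.has_section("selfsign") else {}
    fallback = d.get("ttls", DEFAULT_TTLS)  # per-list setting, then ttls, then default
    findings = []
    if d.get("digest", "sha256").lower() == "sha1":
        findings.append("digest=sha1: collision-prone; the default is sha256")
    if s.get("populate_unique_id", "no").lower() == "yes":
        findings.append("populate_unique_id=yes: fields prohibited by RFC 5280")
    return {"notify_days": ttl_days(d.get("notify_ttls", fallback)),
            "enroll_days": ttl_days(d.get("enroll_ttls", fallback)),
            "validity": parse_validity_period(s.get("validity_period", "1y")),
            "findings": findings}
```

With an empty file, audit() reports the documented defaults, which is a quick way to see the stock warning schedule of 28, 7, 3, 2 and 1 days before expiry.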


certmonger(8)						      System Manager's Manual						     certmonger(8)

NAME
       certmonger

SYNOPSIS
       certmonger [-s|-S] [-b TIMEOUT|-B] [-n|-f] [-d LEVEL] [-p FILE] [-F]

DESCRIPTION
       The certmonger daemon monitors certificates for impending expiration, and can optionally refresh soon-to-be-expired certificates with the help of a CA. If told to, it can drive the entire enrollment process from key generation through enrollment and refresh.

       The daemon provides a control interface via the org.fedorahosted.certmonger service, with which client tools such as getcert(1) interact.

OPTIONS
       -s     Listen on the session bus rather than the system bus.

       -S     Listen on the system bus rather than the session bus. This is the default.

       -b TIMEOUT
              Behave as a bus-activated service: if there are no certificates to be monitored or obtained, and no requests received within TIMEOUT seconds, exit.

       -B     Don't behave as a bus-activated service. This is the default.

       -n     Don't fork, and log messages to stderr rather than syslog.

       -f     Do fork, and log messages to syslog rather than stderr. This is the default.

       -d LEVEL
              Set debugging level. Higher values produce more debugging output. Implies -n.

       -p FILE
              Store the daemon's process ID in the named file.

       -F     Force NSS to be initialized in FIPS mode. The default behavior is to heed the setting stored in /proc/sys/crypto/fips_enabled.

FILES
       The set of certificates being monitored or signed is tracked using files stored under /var/lib/certmonger/requests, or in a directory named by the CERTMONGER_REQUESTS_DIR environment variable.

       The set of known CAs is tracked using files stored under /var/lib/certmonger/cas, or in a directory named by the CERTMONGER_CAS_DIR environment variable.

       Temporary files will be stored in "/var/run/certmonger", or in the directory named by the CERTMONGER_TMPDIR environment variable if that value was not given at compile time.

BUGS
       Please file tickets for any that you find at https://fedorahosted.org/certmonger/

SEE ALSO
       getcert(1) getcert-list(1) getcert-list-cas(1) getcert-request(1) getcert-start-tracking(1) getcert-stop-tracking(1) certmonger-certmaster-submit(8) certmonger-ipa-submit(8) certmonger_selinux(8)

certmonger Manual					28 November 2012					certmonger(8)