Provided by: certmonger_0.74-0ubuntu1_amd64
certmonger [-s|-S] [-b TIMEOUT|-B] [-n|-f] [-d LEVEL] [-p FILE] [-F]
The certmonger daemon monitors certificates for impending expiration, and can optionally refresh soon-to-be-expired certificates with the help of a CA. If told to, it can drive the entire enrollment process from key generation through enrollment and refresh. The daemon provides a control interface via the org.fedorahosted.certmonger service, with which client tools such as getcert(1) interact.
-s Listen on the session bus rather than the system bus. -S Listen on the system bus rather than the session bus. This is the default. -b TIMEOUT Behave as a bus-activated service: if there are no certificates to be monitored or obtained, and no requests received within TIMEOUT seconds, exit. -B Don't behave as a bus-activated service. This is the default. -n Don't fork, and log messages to stderr rather than syslog. -f Do fork, and log messages to syslog rather than stderr. This is the default. -d LEVEL Set debugging level. Higher values produce more debugging output. Implies -n. -p FILE Store the daemon's process ID in the named file. -F Force NSS to be initialized in FIPS mode. The default behavior is to heed the setting stored in /proc/sys/crypto/fips_enabled.
The set of certificates being monitored or signed is tracked using files stored under /var/lib/certmonger/requests, or in a directory named by the CERTMONGER_REQUESTS_DIR environment variable. The set of known CAs is tracked using files stored under /var/lib/certmonger/cas, or in a directory named by the CERTMONGER_CAS_DIR environment variable. Temporary files will be stored in "/var/run/certmonger", or in the directory named by the CERTMONGER_TMPDIR environment variable if that value was not given at compile time.
Please file tickets for any that you find at https://fedorahosted.org/certmonger/