Provided by: certmonger_0.78.6-3_amd64 bug

NAME
       getcert


SYNOPSIS
       getcert resubmit [options]


DESCRIPTION
       Tells  certmonger  to  generate (or regenerate) a signing request and submit (or resubmit)
       the signing request to a CA for signing.


SPECIFYING REQUESTS BY NICKNAME
       -i NAME
              Resubmit a signing request for the tracking request which has  this  nickname.   If
              this  option  is  not  specified,  and  a  tracking entry which matches the key and
              certificate storage options which are specified already exists, that entry will  be
              used.   If  not specified, the location of the certificate should be specified with
              either a combination of the -d and -n options, or with the -f option.


SPECIFYING REQUESTS BY CERTIFICATE LOCATION
       -d DIR The certificate is in the NSS database in the specified directory.

       -n NAME
              The certificate in the NSS database named with -d has the specified nickname.  Only
              valid with -d.

       -t TOKEN
              If the NSS database has more than one token available, the certificate is stored in
              this token.  This argument only rarely needs to be specified.  Only valid with -d.

       -f FILE
              The certificate is stored in the named file.


ENROLLMENT OPTIONS
       -c NAME
              Submit the new signing request to the specified CA rather than the  one  which  was
              previously  associated with this certificate.  The name of the CA should correspond
              to one listed by getcert list-cas.

       -T NAME
              Request a certificate using the named profile,  template,  or  certtype,  from  the
              specified CA.

       -I NAME
              Assign the specified nickname to this task, replacing the previous nickname.


SIGNING REQUEST OPTIONS
       -N NAME
              Change the subject name to include in the signing request.

       -u keyUsage
              Add  an  extensionRequest  for  the specified keyUsage to the signing request.  The
              keyUsage value is expected to be one of these names:

              digitalSignature

              nonRepudiation

              keyEncipherment

              dataEncipherment

              keyAgreement

              keyCertSign

              cRLSign

              encipherOnly

              decipherOnly

       -U EKU Change the extendedKeyUsage value specified in an extendedKeyUsage  extension  part
              of  the  extensionRequest  attribute  in  the  signing  request.   The EKU value is
              expected to be an object identifier (OID).

       -K NAME
              Change the Kerberos principal name specified as part of a subjectAltName  extension
              part of the extensionRequest attribute in the signing request.

       -E EMAIL
              Change  the  email  address specified as part of a subjectAltName extension part of
              the extensionRequest attribute in the signing request.

       -D DNSNAME
              Change the DNS name specified as part of a subjectAltName  extension  part  of  the
              extensionRequest attribute in the signing request.

       -A ADDRESS
              Change  the  IP address specified as part of a subjectAltName extension part of the
              extensionRequest attribute in the signing request.

       -l FILE
              Add an optional ChallengePassword  value,  read  from  the  file,  to  the  signing
              request.  A ChallengePassword is often required when the CA is accessed using SCEP.

       -L PIN Add  the argument value to the signing request as a ChallengePassword attribute.  A
              ChallengePassword is often required when the CA is accessed using SCEP.


OTHER OPTIONS
       -B COMMAND
              When ever the certificate or the CA's  certificates  are  saved  to  the  specified
              locations,  run  the  specified  command  as  the  client  user  before  saving the
              certificates.

       -C COMMAND
              When ever the certificate or the CA's  certificates  are  saved  to  the  specified
              locations,  run  the  specified  command  as  the  client  user  after  saving  the
              certificates.

       -a DIR When ever the certificate is saved to the specified location, if root  certificates
              for the CA are available, save them to the specified NSS database.

       -F FILE
              When  ever the certificate is saved to the specified location, if root certificates
              for the CA are available, and when the local copies of the CA's  root  certificates
              are updated, save them to the specified file.

       -w     Wait for the certificate to be reissued and saved, or for the attempt to obtain one
              to fail.

       -v     Be verbose about errors.  Normally, the details  of  an  error  received  from  the
              daemon will be suppressed if the client can make a diagnostic suggestion.


BUGS
       Please file tickets for any that you find at https://fedorahosted.org/certmonger/


SEE ALSO
       certmonger(8)   getcert(1)  getcert-add-ca(1)  getcert-add-scep-ca(1)  getcert-list-cas(1)
       getcert-list(1)  getcert-modify-ca(1)  getcert-refresh-ca(1)  getcert-refresh(1)  getcert-
       remove-ca(1)  getcert-request(1) getcert-start-tracking(1) getcert-status(1) getcert-stop-
       tracking(1)  certmonger-certmaster-submit(8)   certmonger-dogtag-ipa-renew-agent-submit(8)
       certmonger-dogtag-submit(8)       certmonger-ipa-submit(8)      certmonger-local-submit(8)
       certmonger-scep-submit(8) certmonger_selinux(8)