Provided by: certmonger_0.78.6-2_i386 bug

NAME

       getcert

SYNOPSIS

       getcert resubmit [options]

DESCRIPTION

       Tells  certmonger  to  generate  (or  regenerate) a signing request and
       submit (or resubmit) the signing request to a CA for signing.

SPECIFYING REQUESTS BY NICKNAME

       -i NAME
              Resubmit a signing request for the tracking  request  which  has
              this  nickname.  If this option is not specified, and a tracking
              entry which matches the  key  and  certificate  storage  options
              which are specified already exists, that entry will be used.  If
              not  specified,  the  location  of  the  certificate  should  be
              specified with either a combination of the -d and -n options, or
              with the -f option.

SPECIFYING REQUESTS BY CERTIFICATE LOCATION

       -d DIR The  certificate  is  in  the  NSS  database  in  the  specified
              directory.

       -n NAME
              The  certificate  in  the  NSS  database  named  with -d has the
              specified nickname.  Only valid with -d.

       -t TOKEN
              If the NSS database has  more  than  one  token  available,  the
              certificate  is stored in this token.  This argument only rarely
              needs to be specified.  Only valid with -d.

       -f FILE
              The certificate is stored in the named file.

ENROLLMENT OPTIONS

       -c NAME
              Submit the new signing request to the specified CA  rather  than
              the  one  which was previously associated with this certificate.
              The name of the CA should correspond to one  listed  by  getcert
              list-cas.

       -T NAME
              Request  a  certificate  using  the  named profile, template, or
              certtype, from the specified CA.

       -I NAME
              Assign the  specified  nickname  to  this  task,  replacing  the
              previous nickname.

SIGNING REQUEST OPTIONS

       -N NAME
              Change the subject name to include in the signing request.

       -u keyUsage
              Add  an  extensionRequest  for  the  specified  keyUsage  to the
              signing request.  The keyUsage value is expected to  be  one  of
              these names:

              digitalSignature

              nonRepudiation

              keyEncipherment

              dataEncipherment

              keyAgreement

              keyCertSign

              cRLSign

              encipherOnly

              decipherOnly

       -U EKU Change    the    extendedKeyUsage    value   specified   in   an
              extendedKeyUsage  extension   part   of   the   extensionRequest
              attribute  in the signing request.  The EKU value is expected to
              be an object identifier (OID).

       -K NAME
              Change the Kerberos  principal  name  specified  as  part  of  a
              subjectAltName  extension part of the extensionRequest attribute
              in the signing request.

       -E EMAIL
              Change the email address specified as part of  a  subjectAltName
              extension  part of the extensionRequest attribute in the signing
              request.

       -D DNSNAME
              Change the DNS  name  specified  as  part  of  a  subjectAltName
              extension  part of the extensionRequest attribute in the signing
              request.

       -A ADDRESS
              Change the IP address specified  as  part  of  a  subjectAltName
              extension  part of the extensionRequest attribute in the signing
              request.

       -l FILE
              Add an optional ChallengePassword value, read from the file,  to
              the signing request.  A ChallengePassword is often required when
              the CA is accessed using SCEP.

       -L PIN Add  the  argument  value  to   the   signing   request   as   a
              ChallengePassword   attribute.   A  ChallengePassword  is  often
              required when the CA is accessed using SCEP.

OTHER OPTIONS

       -B COMMAND
              When ever the certificate or the CA's certificates are saved  to
              the specified locations, run the specified command as the client
              user before saving the certificates.

       -C COMMAND
              When ever the certificate or the CA's certificates are saved  to
              the specified locations, run the specified command as the client
              user after saving the certificates.

       -a DIR When ever the certificate is saved to the specified location, if
              root  certificates  for  the  CA are available, save them to the
              specified NSS database.

       -F FILE
              When ever the certificate is saved to the specified location, if
              root  certificates  for the CA are available, and when the local
              copies of the CA's root certificates are updated, save  them  to
              the specified file.

       -w     Wait  for  the  certificate to be reissued and saved, or for the
              attempt to obtain one to fail.

       -v     Be verbose about errors.  Normally,  the  details  of  an  error
              received  from  the  daemon will be suppressed if the client can
              make a diagnostic suggestion.

BUGS

       Please    file    tickets    for    any    that     you     find     at
       https://fedorahosted.org/certmonger/

SEE ALSO

       certmonger(8)   getcert(1)   getcert-add-ca(1)   getcert-add-scep-ca(1)
       getcert-list-cas(1)   getcert-list(1)   getcert-modify-ca(1)   getcert-
       refresh-ca(1)    getcert-refresh(1)    getcert-remove-ca(1)    getcert-
       request(1)  getcert-start-tracking(1)  getcert-status(1)  getcert-stop-
       tracking(1)    certmonger-certmaster-submit(8)   certmonger-dogtag-ipa-
       renew-agent-submit(8)    certmonger-dogtag-submit(8)    certmonger-ipa-
       submit(8)      certmonger-local-submit(8)     certmonger-scep-submit(8)
       certmonger_selinux(8)