Provided by: certmonger_0.79.5-3ubuntu1_amd64 bug

NAME
       getcert


SYNOPSIS
       getcert resubmit [options]


DESCRIPTION
       Tells  certmonger  to  generate  (or  regenerate)  a signing request and submit (or resubmit) the signing
       request to a CA for signing.


SPECIFYING REQUESTS BY NICKNAME
       -i NAME
              Resubmit a signing request for the tracking request which has this nickname.  If  this  option  is
              not  specified,  and  a tracking entry which matches the key and certificate storage options which
              are specified already exists, that entry will be used.  If not  specified,  the  location  of  the
              certificate should be specified with either a combination of the -d and -n options, or with the -f
              option.


SPECIFYING REQUESTS BY CERTIFICATE LOCATION
       -d DIR The certificate is in the NSS database in the specified directory.

       -n NAME
              The certificate in the NSS database named with -d has the specified nickname.  Only valid with -d.

       -t TOKEN
              If the NSS database has more than one token available, the certificate is stored  in  this  token.
              This argument only rarely needs to be specified.  Only valid with -d.

       -f FILE
              The certificate is stored in the named file.


ENROLLMENT OPTIONS
       -c NAME
              Submit  the  new  signing  request  to  the  specified CA rather than the one which was previously
              associated with this certificate.  The name of the CA should correspond to one listed  by  getcert
              list-cas.

       -T NAME
              Request a certificate using the named profile, template, or certtype, from the specified CA.

       --ms-template-spec SPEC
              Include a V2 Certificate Template extension in the signing request.  This datum includes an Object
              Identifier, a major version number (positive integer) and an optional minor version  number.   The
              format is: <oid>:<majorVersion>[:<minorVersion>].

       -X NAME
              Request a certificate using the named issuer from the specified CA.

       -I NAME
              Assign the specified nickname to this task, replacing the previous nickname.


SIGNING REQUEST OPTIONS
       -N NAME
              Change the subject name to include in the signing request.

       -u keyUsage
              Add  an extensionRequest for the specified keyUsage to the signing request.  The keyUsage value is
              expected to be one of these names:

              digitalSignature

              nonRepudiation

              keyEncipherment

              dataEncipherment

              keyAgreement

              keyCertSign

              cRLSign

              encipherOnly

              decipherOnly

       -U EKU Change the  extendedKeyUsage  value  specified  in  an  extendedKeyUsage  extension  part  of  the
              extensionRequest  attribute  in  the  signing  request.  The EKU value is expected to be an object
              identifier (OID).

       -K NAME
              Change the Kerberos principal name specified as part of a subjectAltName  extension  part  of  the
              extensionRequest attribute in the signing request.

       -E EMAIL
              Change   the  email  address  specified  as  part  of  a  subjectAltName  extension  part  of  the
              extensionRequest attribute in the signing request.

       -D DNSNAME
              Change the DNS name specified as part of a subjectAltName extension part of  the  extensionRequest
              attribute in the signing request.

       -A ADDRESS
              Change the IP address specified as part of a subjectAltName extension part of the extensionRequest
              attribute in the signing request.

       -l FILE
              Add an optional  ChallengePassword  value,  read  from  the  file,  to  the  signing  request.   A
              ChallengePassword is often required when the CA is accessed using SCEP.

       -L PIN Add   the   argument   value   to  the  signing  request  as  a  ChallengePassword  attribute.   A
              ChallengePassword is often required when the CA is accessed using SCEP.


OTHER OPTIONS
       -B COMMAND
              When ever the certificate or the CA's certificates are saved to the specified locations,  run  the
              specified command as the client user before saving the certificates.

       -C COMMAND
              When  ever  the certificate or the CA's certificates are saved to the specified locations, run the
              specified command as the client user after saving the certificates.

       -a DIR When ever the certificate is saved to the specified location, if root certificates for the CA  are
              available, save them to the specified NSS database.

       -F FILE
              When  ever the certificate is saved to the specified location, if root certificates for the CA are
              available, and when the local copies of the CA's root certificates are updated, save them  to  the
              specified file.

       -w     Wait for the certificate to be reissued and saved, or for the attempt to obtain one to fail.

       -v     Be  verbose  about  errors.   Normally,  the  details of an error received from the daemon will be
              suppressed if the client can make a diagnostic suggestion.


BUGS
       Please file tickets for any that you find at https://fedorahosted.org/certmonger/


SEE ALSO
       certmonger(8) getcert(1)  getcert-add-ca(1)  getcert-add-scep-ca(1)  getcert-list-cas(1)  getcert-list(1)
       getcert-modify-ca(1)   getcert-refresh-ca(1)   getcert-refresh(1)  getcert-rekey(1)  getcert-remove-ca(1)
       getcert-request(1)  getcert-start-tracking(1)  getcert-status(1)   getcert-stop-tracking(1)   certmonger-
       certmaster-submit(8)  certmonger-dogtag-ipa-renew-agent-submit(8) certmonger-dogtag-submit(8) certmonger-
       ipa-submit(8) certmonger-local-submit(8) certmonger-scep-submit(8) certmonger_selinux(8)