Provided by: certmonger_0.79.14+git20211010-2ubuntu1_amd64 
NAME
certmonger
SYNOPSIS
certmonger [-s|-S] [-L|-l] [-P PATH] [-b TIMEOUT|-B] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-c command] [-v]
DESCRIPTION
The certmonger daemon monitors certificates for impending expiration, and can optionally refresh
soon-to-be-expired certificates with the help of a CA. If told to, it can drive the entire enrollment
process from key generation through enrollment and refresh.
The daemon provides a control interface via the org.fedorahosted.certmonger service, with which client
tools such as getcert(1) interact.
OPTIONS
-s, --session
Listen on the session bus rather than the system bus.
-S, --system
Listen on the system bus rather than the session bus. This is the default.
-l, --listening-socket
Also listen on a private socket for connections from clients running under the same UID.
-L, --only-listening-socket
Listen only on a private socket for connections from clients running under the same UID, and skip
connecting to a bus.
-P PATH, --listening-socket-path=PATH
Specify a location for the private listening socket. If the location beings with a '/' character,
it will be prefixed with 'unix:path=', otherwise it will be prefixed with 'unix:'. If this option
is not specified, the listening socket, if one is created, will be placed in the abstract
namespace.
-b TIMEOUT, --bus-activation-timeout=TIMEOUT
Behave as a bus-activated service: if there are no certificates to be monitored or obtained, and
no requests are received within TIMEOUT seconds, exit. Not compatible with the -c option.
-B, --no-bus-activation-timeout
Don't behave as a bus-activated service. This is the default.
-n, --nofork
Don't fork, and log messages to stderr rather than syslog.
-f, --fork
Do fork, and log messages to syslog rather than stderr. This is the default.
-d LEVEL, --debug-level=LEVEL
Set debugging level. Higher values produce more debugging output. Implies -n.
-p FILE, pidfile=FILE
Store the daemon's process ID in the named file.
-F, --fips
Force NSS to be initialized in FIPS mode. The default behavior is to heed the setting stored in
/proc/sys/crypto/fips_enabled.
-c COMMAND, --command=COMMAND
After the service has initialized, run the specified command, then shut down the service after the
command exits. If the -l or -L option was also specified, the command will be run with the
CERTMONGER_PVT_ADDRESS environment variable set to the listening socket's location. Not
compatible with the -b option.
-v, --version
Print version information and exit.
FILES
The set of certificates being monitored or signed is tracked using files stored under
/var/lib/certmonger/requests, or in a directory named by the CERTMONGER_REQUESTS_DIR environment
variable.
The set of known CAs is tracked using files stored under /var/lib/certmonger/cas, or in a directory named
by the CERTMONGER_CAS_DIR environment variable.
Temporary files will be stored in "/run/certmonger", or in the directory named by the CERTMONGER_TMPDIR
environment variable if that value was not given at compile time.
BUGS
Please file tickets for any that you find at https://fedorahosted.org/certmonger/
SEE ALSO
getcert(1) getcert-add-ca(1) getcert-add-scep-ca(1) getcert-list-cas(1) getcert-list(1)
getcert-modify-ca(1) getcert-refresh-ca(1) getcert-refresh(1) getcert-rekey(1) getcert-remove-ca(1)
getcert-request(1) getcert-resubmit(1) getcert-start-tracking(1) getcert-status(1)
getcert-stop-tracking(1) certmonger-certmaster-submit(8) certmonger-dogtag-ipa-renew-agent-submit(8)
certmonger-dogtag-submit(8) certmonger-ipa-submit(8) certmonger-local-submit(8) certmonger-scep-submit(8)
certmonger_selinux(8)