Provided by: certmonger_0.74-0ubuntu1_amd64 bug

NAME
       ipa-submit


SYNOPSIS
       ipa-submit   [-h   serverHost]  [-H  serverURL]  [-c  cafile]  [-C  capath]  [[-K]   |  [-t  keytab]  [-k
       submitterPrincipal]] [-P principalOfRequest] [csrfile]


DESCRIPTION
       ipa-submit is the helper which certmonger uses to make requests to IPA-based CAs.  It is not normally run
       interactively, but it can be for troubleshooting purposes.  The signing request which is to be  submitted
       should either be in a file whose name is given as an argument, or fed into ipa-submit via stdin.


OPTIONS
       -P csrPrincipal
              Identifies  the  principal  name  of  the service for which the certificate is being issued.  This
              setting is required by IPA and must always be specified.

       -h serverHost
              Submit the request to the IPA server running on the named  host.   The  default  is  to  read  the
              location of the host from /etc/ipa/default.conf.

       -H serverURL
              Submit  the  request  to  the  IPA  server  at the specified location.  The default is to read the
              location of the host from /etc/ipa/default.conf.

       -c cafile
              The server's certificate was issued by the CA whose certificate is in the named file.  The default
              value is /etc/ipa/ca.crt.

       -C capath
              Trust the server if its certificate was issued by a CA whose certificate is in a file in the named
              directory.  There is no default for this option, and it is not expected to be necessary.

       -t keytab
              Authenticate to the IPA server using credentials derived from keys stored  in  the  named  keytab.
              The default value can vary, but it is usually /etc/krb5.keytab.  This option conflicts with the -K
              option.

       -k authPrincipal
              Authenticate  to the IPA server using credentials derived from keys stored in the named keytab for
              this principal name.  The default value is the host service for the local host in the local realm.
              This option conflicts with the -K option.

       -K     Authenticate to the IPA server using credentials derived from the default credential cache  rather
              than a keytab.  This option conflicts with the -k option.


EXIT STATUS
       0      if the certificate was issued. The certificate will be printed.

       1      if the CA is still thinking.  A cookie value will be printed.

       2      if the CA rejected the request.  An error message may be printed.

       3      if the CA was unreachable.  An error message may be printed.

       4      if critical configuration information is missing.  An error message may be printed.


FILES
       /etc/ipa/default.conf
              is  the  IPA  client  configuration file.  This file is consulted to determine the URL for the IPA
              server's XML-RPC interface.


BUGS
       Please file tickets for any that you find at https://fedorahosted.org/certmonger/


SEE ALSO
       certmonger(8)   getcert(1)   getcert-list(1)   getcert-list-cas(1)   getcert-resubmit(1)   getcert-start-
       tracking(1)  getcert-stop-tracking(1)  certmonger-dogtag-ipa-renew-agent-submit(8) certmonger-certmaster-
       submit(8) certmonger_selinux(8)

certmonger Manual                                  7 June 2010                                     certmonger(8)