getcert-list - Man Page

getcert

Synopsis

getcert list [options]

Description

Queries certmonger for a list of certificates which it is monitoring or attempting to obtain.

Enrollment Options

-c NAME, --ca=NAME

List only entries which use the specified CA.  The name of the CA should correspond to one listed by getcert list-cas.

Listing Options

-r,  --requests-only

List only entries which are either currently being enrolled or refreshed.

-t,  --tracking-only

List only entries which are not currently being enrolled or refreshed.

-u,  --utc

Display timestamps in UTC instead of local time.

-d DIR, --dbdir=DIR

List only entries which use an NSS database in the specified directory for storing the certificate.

-n NAME, --nickname=NAME

List only tracking requests which use an NSS database and the specified nickname for storing the certificate.

-f FILE, --certfile=FILE

List only tracking requests which specify that the certificate should be stored in the specified file.

-i NAME, --id=NAME

List only tracking requests which use this request nickname.

States

NEED_KEY_PAIR

The service is about to generate a new key pair.

GENERATING_KEY_PAIR

The service is currently generating a new key pair.

NEED_KEY_GEN_PERMS

The service encountered a filesystem permission error while attempting to save the newly-generated key pair.

NEED_KEY_GEN_PIN

The service is missing the PIN which is required to access an NSS database in order to save the newly-generated key pair, or it has an incorrect PIN for a database.

NEED_KEY_GEN_TOKEN

The service was unable to find a suitable token to use for generating the new key pair.

HAVE_KEY_PAIR

The service has successfully generated a new key pair.

NEED_KEYINFO

The service needs to read information about the key pair.

READING_KEYINFO

The service is currently reading information about the key pair.

NEED_KEYINFO_READ_PIN

The service is missing the PIN which is required to access an NSS database in order to read information about the newly-generated key pair, or it has an incorrect PIN for a database, or has an incorrect password for accessing a key stored in encrypted PEM format.

NEED_KEYINFO_READ_TOKEN

The service was unable to find the token in which the key pair is supposed to be stored.

HAVE_KEYINFO

The service has successfully read information about the key pair.

NEED_CSR

The service is about to generate a new signing request.

GENERATING_CSR

The service is generating a signing request.

NEED_CSR_GEN_PIN

The service is missing the PIN which is required to access an NSS database in order to use the key pair, or it has an incorrect PIN for a database, or has an incorrect password for reading a key stored in encrypted PEM format.

NEED_CSR_GEN_TOKEN

The service was unable to find the token in which the key pair is supposed to be stored.

HAVE_CSR

The service has successfully generated a signing request.

NEED_SCEP_DATA

The service is about to generate data specifically needed for connecting to a CA using SCEP.

GENERATING_SCEP_DATA

The service is generating data specifically needed for connecting to a CA using SCEP.

NEED_SCEP_GEN_PIN

The service is missing the PIN which is required to access an NSS database in order to use the key pair, or it has an incorrect PIN for a database, or has an incorrect password for reading a key stored in encrypted PEM format.

NEED_SCEP_GEN_TOKEN

The service was unable to find the token in which the key pair is supposed to be stored.

NEED_SCEP_ENCRYPTION_CERT

The service is waiting until it can retrieve a copy of the CA's certificate before it can generate data required for connecting to the CA using SCEP.

NEED_SCEP_RSA_CLIENT_KEY

The CA should be contacted using SCEP, but SCEP requires the client key pair to be an RSA key pair, and it is not.

HAVE_SCEP_DATA

The service has successfully generated data for use in SCEP.

NEED_TO_SUBMIT

The service is about to submit a signing request to a CA for signing.

SUBMITTING

The service is currently submitting a signing request to a CA for signing.

NEED_CA

The service can't submit a request to a CA because it doesn't know which CA to use.

CA_UNREACHABLE

The service was unable to contact the CA, but it will try again later.

CA_UNCONFIGURED

The service is missing configuration which will be needed in order to successfully contact the CA.

CA_REJECTED

The CA rejected the signing request.

CA_WORKING

The CA has not yet approved or rejected the request.  The service will check on the status of the request later.

NEED_TO_SAVE_CERT

The CA approved the signing request, and the service is about to save the issued certificate to the location where it has been told to save it.

PRE_SAVE_CERT

The service is running a configured pre-saving command before saving the newly-issued certificate to the location where it has been told to save it.

START_SAVING_CERT

The service is starting to save the issued certificate to the location where it has been told to save it.

SAVING_CERT

The service is attempting to save the issued certificate to the location where it has been told to save it.

NEED_CERTSAVE_PERMS

The service encountered a filesystem permission error while attempting to save the newly-issued certificate to the location where it has been told to save it.

NEED_CERTSAVE_TOKEN

The service is unable to find the token in which the newly-issued certificate is to be stored.

NEED_CERTSAVE_PIN

The service is missing the PIN which is required to access an NSS database in order to save the newly-issued certificate to the location where it has been told to save it.

NEED_TO_SAVE_CA_CERTS

The service is about to save the certificate of the issuing CA to the locations where it has been told to save them.

START_SAVING_CA_CERTS

The service is starting to save the certificate of the issuing CA to the locations where it has been told to save them.

SAVING_CA_CERTS

The service is saving the certificate of the issuing CA to the locations where it has been told to save them.

NEED_TO_SAVE_ONLY_CA_CERTS

The service is about to save the certificate of the issuing CA to the locations where it has been told to save them.

START_SAVING_ONLY_CA_CERTS

The service is starting to save the certificate of the issuing CA to the locations where it has been told to save them.

SAVING_ONLY_CA_CERTS

The service is saving the certificate of the issuing CA to the locations where it has been told to save them.

NEED_CA_CERT_SAVE_PERMS

NEED_ONLY_CA_CERT_SAVE_PERMS The service encountered a filesystem permission error while attempting to save the certificate of the issuing CA to the locations where it has been told to save them.

NEED_TO_READ_CERT

The service is about to read the issued certificate from the location where it has been told to save it.

READING_CERT

The service is reading the issued certificate from the location where it has been told to save it.

SAVED_CERT

The service has finished finished saving the issued certificate and the issuer's certificate to the locations where it has been told to save them.

POST_SAVED_CERT

The service is running a configured post-saving command after saving the newly-issued certificate to the location where it has been told to save them.

MONITORING

The service is monitoring the certificate and waiting for its not-valid-after date to approach.  This is expected to be the status most often seen.

NEED_TO_NOTIFY_VALIDITY

The service is about to notify the system administrator that the certificate's not-valid-after date is approaching.

NOTIFYING_VALIDITY

The service is notifying the system administrator that the certificate's not-valid-after date is approaching.

NEED_TO_NOTIFY_REJECTION

The service is about to notify the system administrator that the CA rejected the signing request.

NOTIFYING_REJECTION

The service is notifying the system administrator that the CA rejected the signing request.

NEED_TO_NOTIFY_ISSUED_SAVE_FAILED

The service is needs to notify the system administrator that the CA issued a certificate, but that there was a problem saving the certificate to the location where the service was told to save it.

NOTIFYING_ISSUED_SAVE_FAILED

The service is is notifying the system administrator that the CA issued a certificate, but that there was a problem saving the certificate to the location where the service was told to save it.

NEED_TO_NOTIFY_ISSUED_CA_SAVE_FAILED

The service is needs to notify the system administrator that the CA issued a certificate, and the issued certificate was saved to the location where the service has been told to save it, but that there was a problem saving the CA's certificate to the locations where the service was told to save it.

NOTIFYING_ISSUED_CA_SAVE_FAILED

The service is notifying the system administrator that the CA issued a certificate, and the issued certificate was saved to the location where the service has been told to save it, but that there was a problem saving the CA's certificate to the locations where the service was told to save it.

NEED_TO_NOTIFY_ISSUED_SAVED

The service is needs to notify the system administrator that the CA issued a certificate and it has been saved to the location where the service has been told to save it.

NOTIFYING_ISSUED_SAVED

The service is notifying the system administrator that the CA issued a certificate and it has been saved to the location where the service has been told to save it.

NEED_TO_NOTIFY_ONLY_CA_SAVE_FAILED

The service needs to notify the system administrator that there was a problem saving the CA's certificates to the specified location.

NOTIFYING_ONLY_CA_SAVE_FAILED

The service is notifying the system administrator that there was a problem saving the CA's certificates to the specified location.

NEED_GUIDANCE

An unhandled error was encountered while attempting to contact the CA, or there is the service has just been told to monitor a certificate which does not exist and for which it has no location specified for storing a key pair that could be used to generate a signing request to obtain one.

NEWLY_ADDED

The service has just been told to track a certificate, or to generate a signing request to obtain one.

NEWLY_ADDED_START_READING_KEYINFO

The service has just been told to track a certificate, or to generate a signing request to obtain one, and is about to check if there is already a key pair present.

NEWLY_ADDED_READING_KEYINFO

The service has just been told to track a certificate, or to generate a signing request to obtain one, and is checking if there is already a key pair present.

NEWLY_ADDED_NEED_KEYINFO_READ_PIN

The service has just been told to track a certificate, or to generate a signing request to obtain one, and was unable to check if a key pair was present because it is missing the PIN which is required to access an NSS database, or because it has an incorrect PIN for a database.

NEWLY_ADDED_NEED_KEYINFO_READ_TOKEN

The service has just been told to track a certificate, or to generate a signing request to obtain one, and was unable to check if a key pair was present because the token which should be used for storing the key pair is not present.

NEWLY_ADDED_START_READING_CERT

The service has just been told to track a certificate, or to generate a signing request to obtain one, and is about to check if a certificate is already present in the specified location.

NEWLY_ADDED_READING_CERT

The service has just been told to track a certificate, or to generate a signing request to obtain one, and is checking if a certificate is already present in the specified location.

NEWLY_ADDED_DECIDING

The service has just been told to track a certificate, or to generate a signing request to obtain one, and is determining its next course of action.

Bugs

Please file tickets for any that you find at https://fedorahosted.org/certmonger/

See Also

certmonger(8) getcert(1) getcert-add-ca(1) getcert-add-scep-ca(1) getcert-list-cas(1) getcert-modify-ca(1) getcert-refresh-ca(1) getcert-refresh(1) getcert-rekey(1) getcert-remove-ca(1) getcert-request(1) getcert-resubmit(1) getcert-start-tracking(1) getcert-status(1) getcert-stop-tracking(1) certmonger-certmaster-submit(8) certmonger-dogtag-ipa-renew-agent-submit(8) certmonger-dogtag-submit(8) certmonger-ipa-submit(8) certmonger-local-submit(8) certmonger-scep-submit(8) certmonger_selinux(8)

Referenced By

certmonger(8), certmonger-dogtag-ipa-renew-agent-submit(8), certmonger-dogtag-submit(8), certmonger-ipa-submit(8), certmonger-local-submit(8), certmonger-scep-submit(8), getcert(1), getcert-add-ca(1), getcert-add-scep-ca(1), getcert-list-cas(1), getcert-modify-ca(1), getcert-refresh(1), getcert-refresh-ca(1), getcert-rekey(1), getcert-remove-ca(1), getcert-request(1), getcert-resubmit(1), getcert-start-tracking(1), getcert-status(1), getcert-stop-tracking(1), ipa-getcert(1), local-getcert(1), selfsign-getcert(1).

June 28, 2016 certmonger Manual