Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   26626 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

certmonger(8)							 certmonger(8)

NAME
       ipa-submit

SYNOPSIS
       ipa-submit [-h serverHost] [-H serverURL] [-c cafile] [-C capath] [[-K]
       | [-t keytab] [-k submitterPrincipal]]  [-P  principalOfRequest]	 [csr‐
       file]

DESCRIPTION
       ipa-submit is the helper which certmonger uses to make requests to IPA-
       based CAs.  It is not normally run interactively, but  it  can  be  for
       troubleshooting purposes.  The signing request which is to be submitted
       should either be in a file whose name is given as an argument,  or  fed
       into ipa-submit via stdin.

OPTIONS
       -P csrPrincipal
	      Identifies  the principal name of the service for which the cer‐
	      tificate is being issued.	 This setting is required by  IPA  and
	      must always be specified.

       -h serverHost
	      Submit  the request to the IPA server running on the named host.
	      The  default  is	to  read  the  location	 of  the   host	  from
	      /etc/ipa/default.conf.

       -H serverURL
	      Submit  the request to the IPA server at the specified location.
	      The  default  is	to  read  the  location	 of  the   host	  from
	      /etc/ipa/default.conf.

       -c cafile
	      The  server's certificate was issued by the CA whose certificate
	      is in the named file.  The default value is /etc/ipa/ca.crt.

       -C capath
	      Trust the server if its certificate was issued  by  a  CA	 whose
	      certificate  is  in  a file in the named directory.  There is no
	      default for this option, and it is not expected to be necessary.

       -t keytab
	      Authenticate to the IPA server using  credentials	 derived  from
	      keys  stored  in	the named keytab.  The default value can vary,
	      but it is usually /etc/krb5.keytab.  This option conflicts  with
	      the -K option.

       -k authPrincipal
	      Authenticate  to	the  IPA server using credentials derived from
	      keys stored in the named keytab for this	principal  name.   The
	      default  value  is  the  host  service for the local host in the
	      local realm.  This option conflicts with the -K option.

       -K     Authenticate to the IPA server using  credentials	 derived  from
	      the  default credential cache rather than a keytab.  This option
	      conflicts with the -k option.

EXIT STATUS
       0      if the certificate was issued. The certificate will be printed.

       1      if the CA is still thinking.  A cookie value will be printed.

       2      if the CA	 rejected  the	request.   An  error  message  may  be
	      printed.

       3      if the CA was unreachable.  An error message may be printed.

       4      if critical configuration information is missing.	 An error mes‐
	      sage may be printed.

FILES
       /etc/ipa/default.conf
	      is the IPA client configuration file.  This file is consulted to
	      determine the URL for the IPA server's XML-RPC interface.

BUGS
       Please	file   tickets	for  any  that	you  find  at  https://fedora‐
       hosted.org/certmonger/

SEE ALSO
       certmonger(8) getcert(1) getcert-list(1)	 getcert-list-cas(1)  getcert-
       resubmit(1) getcert-start-tracking(1) getcert-stop-tracking(1) certmon‐
       ger-dogtag-ipa-renew-agent-submit(8) certmonger-certmaster-submit(8)

certmonger Manual		  7 June 2010			 certmonger(8)

Vote for polarhome