getcert-list (1) - Linux Manuals

NAME

getcert

SYNOPSIS

getcert list [options]

DESCRIPTION

Queries certmonger for a list of certificates which it is monitoring or attempting to obtain.

ENROLLMENT OPTIONS

-c NAME
List only entries which use the specified CA. The name of the CA should correspond to one listed by getcert list-cas.

LISTING OPTIONS

-r
List only entries which are either currently being enrolled or refreshed.
-t
List only entries which are not currently being enrolled or refreshed.

-d DIR
List only entries which use an NSS database in the specified directory for storing the certificate.
-n NAME
List only tracking requests which use an NSS database and the specified nickname for storing the certificate.
-f FILE
List only tracking requests which specify that the certificate should be stored in the specified file.
-i NAME
List only tracking requests which use this request nickname.

STATES

NEED_KEY_PAIR
The service is about to generate a new key pair.
GENERATING_KEY_PAIR
The service is currently generating a new key pair.
NEED_KEY_GEN_PERMS
The service encountered a filesystem permission error while attempting to save the newly-generated key pair.
NEED_KEY_GEN_PIN
The service is missing the PIN which is required to access an NSS database in order to save the newly-generated key pair, or it has an incorrect PIN for a database.
NEED_KEY_GEN_TOKEN
The service was unable to find a suitable token to use for generating the new key pair.
HAVE_KEY_PAIR
The service has successfully generated a new key pair.
NEED_KEYINFO
The service needs to read information about the key pair.
READING_KEYINFO
The service is currently reading information about the key pair.
NEED_KEYINFO_READ_PIN
The service is missing the PIN which is required to access an NSS database in order to read information about the newly-generated key pair, or it has an incorrect PIN for a database, or has an incorrect password for accessing a key stored in encrypted PEM format.
NEED_KEYINFO_READ_TOKEN
The service was unable to find the token in which the key pair is supposed to be stored.
HAVE_KEYINFO
The service has successfully read information about the key pair.
NEED_CSR
The service is about to generate a new signing request.
GENERATING_CSR
The service is generating a signing request.
NEED_CSR_GEN_PIN
The service is missing the PIN which is required to access an NSS database in order to use the key pair, or it has an incorrect PIN for a database, or has an incorrect password for reading a key stored in encrypted PEM format.
NEED_CSR_GEN_TOKEN
The service was unable to find the token in which the key pair is supposed to be stored.
HAVE_CSR
The service has successfully generated a signing request.
NEED_SCEP_DATA
The service is about to generate data specifically needed for connecting to a CA using SCEP.
GENERATING_SCEP_DATA
The service is generating data specifically needed for connecting to a CA using SCEP.
NEED_SCEP_GEN_PIN
The service is missing the PIN which is required to access an NSS database in order to use the key pair, or it has an incorrect PIN for a database, or has an incorrect password for reading a key stored in encrypted PEM format.
NEED_SCEP_GEN_TOKEN
The service was unable to find the token in which the key pair is supposed to be stored.
NEED_SCEP_ENCRYPTION_CERT
The service is waiting until it can retrieve a copy of the CA's certificate before it can generate data required for connecting to the CA using SCEP.
NEED_SCEP_RSA_CLIENT_KEY
The CA should be contacted using SCEP, but SCEP requires the client key pair to be an RSA key pair, and it is not.
HAVE_SCEP_DATA
The service has successfully generated data for use in SCEP.
NEED_TO_SUBMIT
The service is about to submit a signing request to a CA for signing.
SUBMITTING
The service is currently submitting a signing request to a CA for signing.
NEED_CA
The service can't submit a request to a CA because it doesn't know which CA to use.
CA_UNREACHABLE
The service was unable to contact the CA, but it will try again later.
CA_UNCONFIGURED
The service is missing configuration which will be needed in order to successfully contact the CA.
CA_REJECTED
The CA rejected the signing request.
CA_WORKING
The CA has not yet approved or rejected the request. The service will check on the status of the request later.
NEED_TO_SAVE_CERT
The CA approved the signing request, and the service is about to save the issued certificate to the location where it has been told to save it.
PRE_SAVE_CERT
The service is running a configured pre-saving command before saving the newly-issued certificate to the location where it has been told to save it.
START_SAVING_CERT
The service is starting to save the issued certificate to the location where it has been told to save it.
SAVING_CERT
The service is attempting to save the issued certificate to the location where it has been told to save it.
NEED_CERTSAVE_PERMS
The service encountered a filesystem permission error while attempting to save the newly-issued certificate to the location where it has been told to save it.
NEED_CERTSAVE_TOKEN
The service is unable to find the token in which the newly-issued certificate is to be stored.
NEED_CERTSAVE_PIN
The service is missing the PIN which is required to access an NSS database in order to save the newly-issued certificate to the location where it has been told to save it.
NEED_TO_SAVE_CA_CERTS
The service is about to save the certificate of the issuing CA to the locations where it has been told to save them.
START_SAVING_CA_CERTS
The service is starting to save the certificate of the issuing CA to the locations where it has been told to save them.
SAVING_CA_CERTS
The service is saving the certificate of the issuing CA to the locations where it has been told to save them.
NEED_TO_SAVE_ONLY_CA_CERTS
The service is about to save the certificate of the issuing CA to the locations where it has been told to save them.
START_SAVING_ONLY_CA_CERTS
The service is starting to save the certificate of the issuing CA to the locations where it has been told to save them.
SAVING_ONLY_CA_CERTS
The service is saving the certificate of the issuing CA to the locations where it has been told to save them.
NEED_CA_CERT_SAVE_PERMS
NEED_ONLY_CA_CERT_SAVE_PERMS The service encountered a filesystem permission error while attempting to save the certificate of the issuing CA to the locations where it has been told to save them.
NEED_TO_READ_CERT
The service is about to read the issued certificate from the location where it has been told to save it.
READING_CERT
The service is reading the issued certificate from the location where it has been told to save it.
SAVED_CERT
The service has finished finished saving the issued certificate and the issuer's certificate to the locations where it has been told to save them.
POST_SAVED_CERT
The service is running a configured post-saving command after saving the newly-issued certificate to the location where it has been told to save them.
MONITORING
The service is monitoring the certificate and waiting for its not-valid-after date to approach. This is expected to be the status most often seen.
NEED_TO_NOTIFY_VALIDITY
The service is about to notify the system administrator that the certificate's not-valid-after date is approaching.
NOTIFYING_VALIDITY
The service is notifying the system administrator that the certificate's not-valid-after date is approaching.
NEED_TO_NOTIFY_REJECTION
The service is about to notify the system administrator that the CA rejected the signing request.
NOTIFYING_REJECTION
The service is notifying the system administrator that the CA rejected the signing request.
NEED_TO_NOTIFY_ISSUED_SAVE_FAILED
The service is needs to notify the system administrator that the CA issued a certificate, but that there was a problem saving the certificate to the location where the service was told to save it.
NOTIFYING_ISSUED_SAVE_FAILED
The service is is notifying the system administrator that the CA issued a certificate, but that there was a problem saving the certificate to the location where the service was told to save it.
NEED_TO_NOTIFY_ISSUED_CA_SAVE_FAILED
The service is needs to notify the system administrator that the CA issued a certificate, and the issued certificate was saved to the location where the service has been told to save it, but that there was a problem saving the CA's certificate to the locations where the service was told to save it.
NOTIFYING_ISSUED_CA_SAVE_FAILED
The service is notifying the system administrator that the CA issued a certificate, and the issued certificate was saved to the location where the service has been told to save it, but that there was a problem saving the CA's certificate to the locations where the service was told to save it.
NEED_TO_NOTIFY_ISSUED_SAVED
The service is needs to notify the system administrator that the CA issued a certificate and it has been saved to the location where the service has been told to save it.
NOTIFYING_ISSUED_SAVED
The service is notifying the system administrator that the CA issued a certificate and it has been saved to the location where the service has been told to save it.
NEED_TO_NOTIFY_ONLY_CA_SAVE_FAILED
The service needs to notify the system administrator that there was a problem saving the CA's certificates to the specified location.
NOTIFYING_ONLY_CA_SAVE_FAILED
The service is notifying the system administrator that there was a problem saving the CA's certificates to the specified location.
NEED_GUIDANCE
An unhandled error was encountered while attempting to contact the CA, or there is the service has just been told to monitor a certificate which does not exist and for which it has no location specified for storing a key pair that could be used to generate a signing request to obtain one.
NEWLY_ADDED
The service has just been told to track a certificate, or to generate a signing request to obtain one.
NEWLY_ADDED_START_READING_KEYINFO
The service has just been told to track a certificate, or to generate a signing request to obtain one, and is about to check if there is already a key pair present.
NEWLY_ADDED_READING_KEYINFO
The service has just been told to track a certificate, or to generate a signing request to obtain one, and is checking if there is already a key pair present.
NEWLY_ADDED_NEED_KEYINFO_READ_PIN
The service has just been told to track a certificate, or to generate a signing request to obtain one, and was unable to check if a key pair was present because it is missing the PIN which is required to access an NSS database, or because it has an incorrect PIN for a database.
NEWLY_ADDED_NEED_KEYINFO_READ_TOKEN
The service has just been told to track a certificate, or to generate a signing request to obtain one, and was unable to check if a key pair was present because the token which should be used for storing the key pair is not present.
NEWLY_ADDED_START_READING_CERT
The service has just been told to track a certificate, or to generate a signing request to obtain one, and is about to check if a certificate is already present in the specified location.
NEWLY_ADDED_READING_CERT
The service has just been told to track a certificate, or to generate a signing request to obtain one, and is checking if a certificate is already present in the specified location.
NEWLY_ADDED_DECIDING
The service has just been told to track a certificate, or to generate a signing request to obtain one, and is determining its next course of action.

BUGS

Please file tickets for any that you find at https://fedorahosted.org/certmonger/

SEE ALSO

certmonger(8) getcert(1) getcert-add-ca(1) getcert-add-scep-ca(1) getcert-list-cas(1) getcert-modify-ca(1) getcert-refresh-ca(1) getcert-refresh(1) getcert-remove-ca(1) getcert-request(1) getcert-resubmit(1) getcert-start-tracking(1) getcert-status(1) getcert-stop-tracking(1) certmonger-certmaster-submit(8) certmonger-dogtag-ipa-renew-agent-submit(8) certmonger-dogtag-submit(8) certmonger-ipa-submit(8) certmonger-local-submit(8) certmonger-scep-submit(8) certmonger_selinux(8)