Chapter 12. Working with certmonger

Part of managing machine authentication is managing machine certificates. The certmonger service manages the certificate life cycle for applications and, if properly configured, can work together with a certificate authority (CA) to renew certificates.
The certmonger daemon and its command-line clients simplify the process of generating public/private key pairs, creating certificate requests, and submitting requests to the CA for signing. The certmonger daemon monitors certificates for expiration and can renew certificates that are about to expire. The certificates that certmonger monitors are tracked in files stored in a configurable directory. The default location is /var/lib/certmonger/requests.

Note

The certmonger daemon cannot revoke certificates. A certificate can only be revoked by a relevant Certificate Authority, which needs to invalidate the certificate and update its Certificate Revocation List.

12.1. certmonger and Certificate Authorities

By default, certmonger can automatically obtain three kinds of certificates that differ in what authority source the certificate employs:
  • Self-signed certificate
    Generating a self-signed certificate does not involve any CA, because each certificate is signed using the certificate's own key. The software that is verifying a self-signed certificate needs to be instructed to trust that certificate directly in order to verify it.
    To obtain a self-signed certificate, run the selfsign-getcert command.
  • Certificate from the Dogtag Certificate System CA as part of Red Hat Enterprise Linux IdM
    To obtain a certificate using an IdM server, run the ipa-getcert command.
  • Certificate signed by a local CA present on the system
    The software that is verifying a certificate signed by a local signer needs to be instructed to trust certificates from this local signer in order to verify them.
    To obtain a locally-signed certificate, run the local-getcert command.
Other CAs can also use certmonger to manage certificates, but support must be added to certmonger by creating special CA helpers. For more information on how to create CA helpers, see the certmonger project documentation at https://pagure.io/certmonger/blob/master/f/doc/submit.txt.
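
The trust requirement differs by signer, as the list above describes. The following shell function, an added example that is not part of the Red Hat documentation, sorts tracking entries by CA and flags entries that are not in the normal monitoring state. The sample input is constructed, and its layout, the CA names SelfSign, IPA and local, and the MONITORING status are assumptions about what getcert list prints on a given host.

```shell
#!/bin/sh
# Added example: classify certmonger tracking entries by signing authority.
# SAMPLE is constructed; its layout and the CA names SelfSign/IPA/local and
# the MONITORING status are assumed to match `getcert list` on the host.
SAMPLE="Number of certificates and requests being tracked: 3.
Request ID '20240101000001':
    status: MONITORING
    stuck: no
    certificate: type=FILE,location='/etc/pki/tls/certs/web.crt'
    CA: IPA
Request ID '20240101000002':
    status: MONITORING
    stuck: no
    certificate: type=FILE,location='/etc/pki/tls/certs/test.crt'
    CA: SelfSign
Request ID '20240101000003':
    status: CA_UNREACHABLE
    stuck: no
    certificate: type=FILE,location='/etc/pki/tls/certs/app.crt'
    CA: local"

# Reads getcert-list-style text on stdin; prints "<id> <CA> <trust> <health>".
audit_requests() {
    awk '
    function emit() {
        if (id == "") return
        trust = "other-ca"                       # added through a CA helper
        if (ca == "IPA")      trust = "idm-ca"
        if (ca == "SelfSign") trust = "trust-cert-directly"
        if (ca == "local")    trust = "trust-local-signer"
        health = (status == "MONITORING" && stuck != "yes") ? "ok" : "check"
        print id, ca, trust, health
    }
    /^Request ID/ {
        emit()
        id = $0; sub(/^Request ID ./, "", id); sub(/.:$/, "", id)
        ca = ""; status = ""; stuck = ""
        next
    }
    { sub(/^[ \t]+/, "") }      # entry fields are indented under the ID line
    /^status:/ { status = $2 }
    /^stuck:/  { stuck = $2 }
    /^CA:/     { ca = $2 }
    END { emit() }
    '
}

printf '%s\n' "$SAMPLE" | audit_requests
```

On a host running certmonger, pipe the output of getcert list into audit_requests instead of the sample.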