B.3. Tracking Certificates with certmonger
certmonger can manage the entire certificate lifecycle. Along with generating requests, certmonger can track a certificate and automatically renew it when it expires at the end of its validity period.
This is done using the start-tracking command with ipa-getcert. The -I option creates the tracking entry, along with pointers to the key and certificate files, either in an NSS database (-n) or in the PEM file. The -r option tells certmonger to renew the certificate.
# ipa-getcert start-tracking -I cert1-tracker -d /export/alias -n ServerCert -r
The -r option can be passed with the request command, as in Example B.1, “Using certmonger for a Service”. In that case, the requested certificate is automatically tracked and renewed by certmonger. Then, it is not necessary to configure tracking manually.
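An added example, not part of the original documentation: a shell function that audits ipa-getcert list output for tracking entries that certmonger will not renew on its own. The sample listing is constructed and abridged, and the function names audit_tracking and sample_listing are illustrative.

```shell
#!/bin/sh
# Added example: flag certmonger tracking entries that will not renew cleanly.

# Reads `ipa-getcert list` output on stdin; prints one line per request whose
# status is not MONITORING, that is stuck, or that has auto-renew disabled.
audit_tracking() {
    awk '
        function report() {
            if (status != "MONITORING" || stuck != "no" || renew != "yes")
                printf "%s status=%s stuck=%s auto-renew=%s\n", id, status, stuck, renew
        }
        /^Request ID / {                     # start of a new tracking entry
            if (id != "") report()
            id = $3; gsub("[\047:]", "", id) # strip the quotes and the colon
            status = stuck = renew = ""
            next
        }
        $1 == "status:"     { status = $2 }
        $1 == "stuck:"      { stuck  = $2 }
        $1 == "auto-renew:" { renew  = $2 }
        END { if (id != "") report() }
    '
}

# Constructed, abridged sample listing (not captured from a real host).
sample_listing() {
    cat <<'EOF'
Number of certificates and requests being tracked: 3.
Request ID 'cert1-tracker':
        status: MONITORING
        stuck: no
        certificate: type=NSSDB,location='/export/alias',nickname='ServerCert'
        auto-renew: yes
Request ID 'cert2-tracker':
        status: MONITORING
        stuck: no
        certificate: type=FILE,location='/etc/pki/tls/certs/example.crt'
        auto-renew: no
Request ID 'cert3-tracker':
        status: CA_UNREACHABLE
        stuck: no
        certificate: type=NSSDB,location='/export/alias',nickname='OtherCert'
        auto-renew: yes
EOF
}

# On a real host: ipa-getcert list | audit_tracking
sample_listing | audit_tracking
```

An empty result means every tracked request is being monitored with auto-renew enabled.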
A certificate can be untracked by certmonger by using the