Certmonger is primarily concerned with getting you or your system enrolled with a certificate authority (CA) and keeping you enrolled.

To do this, the certmonger daemon runs in the background, taking guidance from client tools (via a D-Bus API, a command-line tool is provided which uses it). The daemon:

The goal is to have certmonger do what you need it to do based on what you've told it you need. If you already have a certificate, it will be happy to just check on it periodically and warn you when it's about to expire. If you tell it where the private key is, and where the CA is, it can go ahead and try to re-enroll if you like.

Keys and certificates can be stored and read in any of these formats:


This documentation is located in the certmonger documentation repo ssh://git@pagure.io/docs/certmonger.git. Feel free to to report issues about the documentation on the certmonger issue tracker.