certmonger is a D-Bus-based service which attempts to simplify interaction with certifying authorities (CAs) on networks which use public-key infrastructure (PKI).
- If it knows the location of a certificate, certmonger can track the expiration date and notify you when the certificate is about to expire.
- If it has access to the corresponding private key and information about the CA which issued the certificate, certmonger can even attempt to automatically obtain a new certificate.
- Supports certificate and key storage in PEM or NSSDB formats.
- Can self-sign certificates, sign them with a system-local certificate, or can submit them to either certmaster or IPA for signing. Support for SCEP is currently being planned.
- Read the getting started guide.
- Developers might want to do things with the D-Bus API or look at ways to add support for other CAs.