Certmonger is primarily concerned with getting you or your system enrolled with a certificate authority (CA) and keeping you enrolled. To do this, the certmonger daemon runs in the background, taking guidance from client tools (via a D-Bus API, a command-line tool is provided which uses it). The daemon: * can generate key pairs if you don't already have one * can use a key pair to generate a certificate signing request * can submit the signing request to a CA * can wait for the CA to decide whether or not to issue the certificate * can store an issued certificate in a specified location * can monitor the certificate to see if it's about to expire * can warn you or simply log that a certificate is about to expire * can attempt to get a new certificate when a certificate is about to expire The goal is to have certmonger do what you need it to do based on what you've told it you need. If you already have a certificate, it will be happy to just check on it periodically and warn you when it's about to expire. If you tell it where the private key is, and where the CA is, it can go ahead and try to re-enroll if you like. Keys and certificates can be stored and read in any of these formats: * PEM-formatted files * NSS database The certmonger daemon knows how to self-sign certificates, and will be able to submit requests to: * self-signing [implemented] * IPA [in progress] I'd like for it to also be able to submit requests to: * certmaster * Dogtag/RHCS * ADCS And perhaps also: * KMIP-compatible systems * SCEP This package is hosted at http://certmonger.fedorahosted.org/.