Certmonger is primarily concerned with getting you or your system enrolled with a certificate authority (CA) and keeping you enrolled.
To do this, the certmonger daemon runs in the background, taking guidance from client tools (via a D-Bus API, a command-line tool is provided which uses it). The daemon:
The goal is to have certmonger do what you need it to do based on what you've told it you need. If you already have a certificate, it will be happy to just check on it periodically and warn you when it's about to expire. If you tell it where the private key is, and where the CA is, it can go ahead and try to re-enroll if you like.
Keys and certificates can be stored and read in any of these formats:
The certmonger daemon knows how to self-sign certificates, and can submit signing to:
I'd like for it to also be able to submit requests to:
And perhaps also:
This package is hosted at https://pagure.io/certmonger/.