local-submit [-d state-directory] [-v] [csrfile]
local-submit is the helper which certmonger uses to implement its local signer. It is not normally run interactively, but it can be for troubleshooting purposes. The signing request which is to be submitted should either be in a file whose name is given as an argument, or fed into local-submit via stdin.
The local signer is currently hard-coded to generate and use a 2048-bit RSA key and a name and initial serial number based on a UUID, replacing that key and certificate at roughly the midpoint of their useful lifetime.
certmonger supports retrieving the list of current and previously-used local CA certificates. See getcert-request(1) and getcert-resubmit(1) for information about specifying where those certificates should be stored.
Identifies the directory which contains the local signer's private key, certificates, and other data used by the local signer.
Increases the verbosity of the tool's diagnostic logging.
if the certificate was issued. The new certificate will be printed.
if the helper needs to be called again. An error message may be printed.
if critical configuration information is missing. An error message may be printed.
is currently a PKCS#12 bundle containing the local signer's current signing key and current and previously-used signer certificates. It should not be modified except by the local signer. A new key is currently generated when ever a new signer certificate is needed.
currently contains the serial number which will be used for the next issued certificate. It should not be modified except by the local signer.
Please file tickets for any that you find at https://fedorahosted.org/certmonger/