From Fedora Project Wiki

Description

certmonger is a service that monitors and renews certificates. It can also be used to request new certificates. This test case ensures that the certmonger service is functional and can request, track, and renew certificates.

Setup

  1. Install the certmonger package: sudo dnf install certmonger
  2. Ensure you have a Certificate Authority (CA) configured or available to issue a test certificate.

How to test

  1. Start the certmonger service: sudo systemctl start certmonger
  2. Check the status of the service to ensure it's running: sudo systemctl status certmonger
  3. Use getcert to request a new certificate. For a simple self-signed certificate: sudo getcert request -f /tmp/test.pem -k /tmp/test-key.pem -c local -N CN=my.test.server
  4. Verify the certificate and key files exist at /tmp/test.pem and /tmp/test-key.pem.

Expected Results

  1. The certmonger service starts without any errors.
  2. The service status indicates that certmonger is active and running.
  3. A new self-signed certificate is generated, and the certificate and key files are present at the specified paths.
  4. The content of the certificate (viewable with openssl x509 -in /tmp/test.pem -text -noout) should reflect the specified details, such as the Common Name (CN).
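
The checks in Expected Results 3 and 4 can be scripted; the following is an added example, not part of the original test case. The names verify_cert and make_sample are hypothetical helpers, and the key-match, key-permission and expiry checks go beyond what the test case lists. make_sample builds a constructed certificate with openssl as a stand-in for certmonger output so the checks can be tried offline.

```shell
#!/bin/sh
# Added example (not from the wiki page): checks for Expected Results 3 and 4.
# verify_cert CERT KEY CN [DAYS] returns 0 only when every check passes.
verify_cert() {
    cert=$1; key=$2; want_cn=$3; days=${4:-0}

    # Result 3: both files exist and are non-empty.
    [ -s "$cert" ] || { echo "FAIL: no certificate at $cert"; return 1; }
    [ -s "$key" ]  || { echo "FAIL: no key at $key"; return 1; }

    # Result 4: the subject carries the Common Name passed to -N.
    subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 |
              sed 's/^subject= *//')
    case ",$subject," in
        *",CN=$want_cn,"*) ;;
        *) echo "FAIL: subject '$subject' lacks CN=$want_cn"; return 1 ;;
    esac

    # Extra check: the key on disk is the one the certificate was issued for.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "FAIL: key/certificate mismatch"; return 1; }

    # Extra check: no group or other permission bits on the private key.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: $key is accessible to group/other"; return 1; }

    # Extra check: still valid DAYS days from now (0 = not expired yet).
    openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null ||
        { echo "FAIL: certificate expires within $days day(s)"; return 1; }
    echo "PASS: $cert"
}

# Constructed stand-in for certmonger output, so the checks can be tried offline.
make_sample() {  # make_sample CERT KEY CN
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$3" \
        -keyout "$2" -out "$1" 2>/dev/null && chmod 600 "$2"
}

# e.g. sudo sh verify_cert.sh /tmp/test.pem /tmp/test-key.pem my.test.server
if [ "$#" -ge 3 ]; then verify_cert "$@"; fi
```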

Optional

For advanced testing:

  1. Set up a full CA (like Dogtag or FreeIPA) and request certificates from it.
  2. Try renewing certificates using certmonger.
  3. Monitor expiration and ensure certmonger auto-renews or sends appropriate alerts for nearly expired certificates.