diff --git a/.gitignore b/.gitignore
index 5dc13e6..51818a3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,3 +18,4 @@ certmonger-0.28.tar.gz
 /certmonger-0.38.tar.gz
 /certmonger-0.39.tar.gz
 /certmonger-0.40.tar.gz
+/certmonger-0.41.tar.gz
diff --git a/certmonger.spec b/certmonger.spec
index f7fa8f8..7bf71a8 100644
--- a/certmonger.spec
+++ b/certmonger.spec
@@ -1,5 +1,5 @@
 Name:		certmonger
-Version:	0.40
+Version:	0.41
 Release:	1%{?dist}
 Summary:	Certificate status monitor and PKI enrollment client
 
@@ -47,7 +47,7 @@ system enrolled with a certificate authority (CA) and keeping it enrolled.
 %setup -q
 
 %build
-%configure --with-file-store-dir=%{_localstatedir}/lib/certmonger
+%configure --with-tmpdir=/var/run/certmonger
 # For some reason, Fedora's xmlrpc-c-config just tells us about
 # libxmlrpc_client, but in F13 we need all of them.  Workaround.
 make %{?_smp_mflags} XMLRPC_LIBS="-lxmlrpc_client -lxmlrpc_util -lxmlrpc"
@@ -63,6 +63,11 @@ install -m755 src/certmonger.init $RPM_BUILD_ROOT/%{_initrddir}/certmonger
 mkdir -p $RPM_BUILD_ROOT/%{_initddir}
 install -m755 src/certmonger.init $RPM_BUILD_ROOT/%{_initddir}/certmonger
 %endif
+install -m755 -d $RPM_BUILD_ROOT/var/run/certmonger
+%if 0%{?fedora} > 14
+install -m755 -d $RPM_BUILD_ROOT/etc/tmpfiles.d
+install -m644 certmonger.tmpfiles $RPM_BUILD_ROOT/etc/tmpfiles.d/certmonger.conf
+%endif
 
 %{find_lang} %{name}
 
@@ -108,8 +113,31 @@ exit 0
 %{_mandir}/man*/*
 %{_libexecdir}/%{name}
 %{_localstatedir}/lib/certmonger
+%if 0%{?fedora} > 14
+%attr(0644,root,root) %config(noreplace) /etc/tmpfiles.d/certmonger.conf
+%endif
+%dir /var/run/certmonger
 
 %changelog
+* Mon Apr 11 2011 Nalin Dahyabhai <nalin@redhat.com> 0.41-1
+- read information about the keys we've just generated before proceeding
+  to generating a CSR
+- when processing a "resubmit" request from getcert, go back to key
+  generation if we don't have keys yet, else go back to CSR generation as
+  before (#694184)
+- configure with --with-tmpdir=/var/run/certmonger and own /var/run/certmonger
+  (#687899), and add a systemd tmpfiles.d control file for creating
+  /var/run/certmonger on Fedora 15 and later
+- let session instances exit when they get disconnected from the bus
+- use a lock file to make sure there's only one session instance messing
+  around with the user's files at a time
+- fix errors saving certificates to NSS databases when there's already a
+  certificate there with the same nickname
+- if we fail to read a certificate when a request is first added, switch
+  to trying again later
+- make key and certificate location output from 'getcert list' more properly
+  translatable (#7)
+
 * Mon Mar 28 2011 Nalin Dahyabhai <nalin@redhat.com> 0.40-1
 - update to 0.40
   - fix validation check on EKU OIDs in getcert (#691351)
diff --git a/sources b/sources
index 926465b..bcafb31 100644
--- a/sources
+++ b/sources
@@ -1 +1,2 @@
 61d0823735e5774bca184215bdbe218b  certmonger-0.40.tar.gz
+38e34326d8bd4d1aa1be48add2ef8701  certmonger-0.41.tar.gz