diff options
| author | Jan Cholasta <jcholast@redhat.com> | 2014-09-24 16:41:47 +0200 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2014-09-30 08:50:47 +0200 |
| commit | 88083887c994ab505d6e07151e5dd26b56bb7732 (patch) | |
| tree | fde6a1a529a9c5969082acf081854672154fa22a /install/tools/man | |
| parent | 3aa0731fc660ea3d111a44926ab5dea71dc510e7 (diff) | |
| download | freeipa-88083887c994ab505d6e07151e5dd26b56bb7732.tar.gz freeipa-88083887c994ab505d6e07151e5dd26b56bb7732.tar.xz freeipa-88083887c994ab505d6e07151e5dd26b56bb7732.zip | |
CA-less installer options usability fixes
The --*_pkcs12 options of ipa-server-install and ipa-replica-prepare have
been replaced by --*-cert-file options which accept multiple files.
ipa-server-certinstall now accepts multiple files as well. The files are
accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and
raw private key and PKCS#12 formats.
The --root-ca-file option of ipa-server-install has been replaced by
--ca-cert-file option which accepts multiple files. The files are
accepted in PEM and DER certificate and PKCS#7 certificate chain formats.
The --*_pin options of ipa-server-install and ipa-replica-prepare have been
renamed to --*-pin.
https://fedorahosted.org/freeipa/ticket/4489
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'install/tools/man')
| -rw-r--r-- | install/tools/man/ipa-replica-prepare.1 | 24 | ||||
| -rw-r--r-- | install/tools/man/ipa-server-certinstall.1 | 6 | ||||
| -rw-r--r-- | install/tools/man/ipa-server-install.1 | 28 |
3 files changed, 29 insertions, 29 deletions
diff --git a/install/tools/man/ipa-replica-prepare.1 b/install/tools/man/ipa-replica-prepare.1 index 8e1e60a25..fc8bf8332 100644 --- a/install/tools/man/ipa-replica-prepare.1 +++ b/install/tools/man/ipa-replica-prepare.1 @@ -35,23 +35,23 @@ Once the file has been created it will be named replica\-hostname. This file can A replica should only be installed on the same or higher version of IPA on the remote system. .SH "OPTIONS" .TP -\fB\-\-dirsrv_pkcs12\fR=\fIFILE\fR -PKCS#12 file containing the Directory Server SSL Certificate and Private Key +\fB\-\-dirsrv\-cert\-file\fR=\fIFILE\fR +File containing the Directory Server SSL certificate and private key. The files are accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and raw private key and PKCS#12 formats. This option may be used multiple times. .TP -\fB\-\-http_pkcs12\fR=\fIFILE\fR -PKCS#12 file containing the Apache Server SSL Certificate and Private Key +\fB\-\-http\-cert\-file\fR=\fIFILE\fR +File containing the Apache Server SSL certificate and private key. The files are accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and raw private key and PKCS#12 formats. This option may be used multiple times. .TP -\fB\-\-pkinit_pkcs12\fR=\fIFILE\fR -PKCS#12 file containing the Kerberos KDC Certificate and Private Key +\fB\-\-pkinit\-cert\-file\fR=\fIFILE\fR +File containing the Kerberos KDC SSL certificate and private key. The files are accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and raw private key and PKCS#12 formats. This option may be used multiple times. .TP -\fB\-\-dirsrv_pin\fR=\fIDIRSRV_PIN\fR -The password of the Directory Server PKCS#12 file +\fB\-\-dirsrv\-pin\fR=\fIPIN\fR +The password to unlock the Directory Server private key .TP -\fB\-\-http_pin\fR=\fIHTTP_PIN\fR -The password of the Apache Server PKCS#12 file +\fB\-\-http\-pin\fR=\fIPIN\fR +The password to unlock the Apache Server private key .TP -\fB\-\-pkinit_pin\fR=\fIPKINIT_PIN\fR -The password of the Kerberos KDC PKCS#12 file +\fB\-\-pkinit\-pin\fR=\fIPIN\fR +The password to unlock the Kerberos KDC private key .TP \fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR Directory Manager (existing master) password diff --git a/install/tools/man/ipa-server-certinstall.1 b/install/tools/man/ipa-server-certinstall.1 index f428402da..a5cb4bb7f 100644 --- a/install/tools/man/ipa-server-certinstall.1 +++ b/install/tools/man/ipa-server-certinstall.1 @@ -20,9 +20,9 @@ .SH "NAME" ipa\-server\-certinstall \- Install new SSL server certificates .SH "SYNOPSIS" -ipa\-server\-certinstall [\fIOPTION\fR]... PKCS12_FILE +ipa\-server\-certinstall [\fIOPTION\fR]... FILE... .SH "DESCRIPTION" -Replace the current SSL Directory and/or Apache server certificate(s) with the certificate in the PKCS#12 file. +Replace the current SSL Directory and/or Apache server certificate(s) with the certificate in the specified files. The files are accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and raw private key and PKCS#12 formats. PKCS#12 is a file format used to safely transport SSL certificates and public/private keypairs. @@ -38,7 +38,7 @@ Install the certificate on the Directory Server Install the certificate in the Apache Web Server .TP \fB\-\-pin\fR=\fIPIN\fR -The password of the PKCS#12 file +The password to unlock the private key .TP \fB\-\-dirman\-password\fR=\fIDIRMAN_PASSWORD\fR Directory Manager password diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1 index 92d9ec85a..0bd59687d 100644 --- a/install/tools/man/ipa-server-install.1 +++ b/install/tools/man/ipa-server-install.1 @@ -93,26 +93,26 @@ File containing the IPA CA certificate and the external CA certificate chain. Th \fB\-\-no\-pkinit\fR Disables pkinit setup steps .TP -\fB\-\-dirsrv_pkcs12\fR=\fIFILE\fR -PKCS#12 file containing the Directory Server SSL Certificate +\fB\-\-dirsrv\-cert\-file\fR=\fIFILE\fR +File containing the Directory Server SSL certificate and private key. The files are accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and raw private key and PKCS#12 formats. This option may be used multiple times. .TP -\fB\-\-http_pkcs12\fR=\fIFILE\fR -PKCS#12 file containing the Apache Server SSL Certificate +\fB\-\-http\-cert\-file\fR=\fIFILE\fR +File containing the Apache Server SSL certificate and private key. The files are accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and raw private key and PKCS#12 formats. This option may be used multiple times. .TP -\fB\-\-pkinit_pkcs12\fR=\fIFILE\fR -PKCS#12 file containing the Kerberos KDC SSL certificate +\fB\-\-pkinit\-cert\-file\fR=\fIFILE\fR +File containing the Kerberos KDC SSL certificate and private key. The files are accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and raw private key and PKCS#12 formats. This option may be used multiple times. .TP -\fB\-\-dirsrv_pin\fR=\fIDIRSRV_PIN\fR -The password of the Directory Server PKCS#12 file +\fB\-\-dirsrv\-pin\fR=\fIPIN\fR +The password to unlock the Directory Server private key .TP -\fB\-\-http_pin\fR=\fIHTTP_PIN\fR -The password of the Apache Server PKCS#12 file +\fB\-\-http\-pin\fR=\fIPIN\fR +The password to unlock the Apache Server private key .TP -\fB\-\-pkinit_pin\fR=\fIPKINIT_PIN\fR -The password of the Kerberos KDC PKCS#12 file +\fB\-\-pkinit\-pin\fR=\fIPIN\fR +The password to unlock the Kerberos KDC private key .TP -\fB\-\-root\-ca\-file\fR=\fIFILE\fR -PEM file containing the CA certificate of the CA which issued the Directory Server, Apache Server and Kerberos KDC SSL certificates. Use this option if the CA certificate is not present in the PKCS#12 files. +\fB\-\-ca\-cert\-file\fR=\fIFILE\fR +File containing the CA certificate of the CA which issued the Directory Server, Apache Server and Kerberos KDC certificates. The file is accepted in PEM and DER certificate and PKCS#7 certificate chain formats. This option may be used multiple times. Use this option if the CA certificate is not present in the certificate files. .TP \fB\-\-subject\fR=\fISUBJECT\fR The certificate subject base (default O=REALM.NAME) |