Allow adding CA certificates to certificate store in ipa-cacert-manage.

Part of https://fedorahosted.org/freeipa/ticket/3737

Reviewed-By: Rob Crittenden <rcritten@redhat.com>

1 files changed, 23 insertions, 0 deletions

diff --git a/install/tools/man/ipa-cacert-manage.1 b/install/tools/man/ipa-cacert-manage.1
index cf42b2457..3006be7fc 100644
--- a/install/tools/man/ipa-cacert-manage.1
+++ b/install/tools/man/ipa-cacert-manage.1
@@ -37,6 +37,13 @@ When the IPA CA is subordinate of an external CA, the renewal process involves s
 .sp
 When the IPA CA is not configured, this command is not available.
 .RE
+.TP
+\fBinstall\fR
+\- Install a CA certificate
+.sp
+.RS
+This command can be used to install new CA certificate to IPA.
+.RE
 .SH "OPTIONS"
 .TP
 \fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR
@@ -54,6 +61,22 @@ PEM file containing a certificate signed by the external CA. Must be given with
 \fB\-\-external\-ca\-file\fR=\fIFILE\fR
 PEM file containing the external CA chain.
 .TP
+\fB\-n\fR \fINICKNAME\fR, \fB\-\-nickname\fR=\fINICKNAME\fR
+Nickname for the certificate.
+.TP
+\fB\-t\fR \fITRUST_FLAGS\fR, \fB\-\-trust\-flags\fR=\fITRUST_FLAGS\fR
+Trust flags for the certificate in certutil format. Trust flags are of the form "X,Y,Z" where X is for SSL, Y is for S/MIME, and Z is for code signing. Use ",," for no explicit trust.
+.sp
+The supported trust flags are:
+.RS
+.IP
+C \- CA trusted to issue server certificates
+.IP
+T \- CA trusted to issue client certificates
+.IP
+p \- not trusted
+.RE
+.TP
 \fB\-v\fR, \fB\-\-verbose\fR
 Print debugging information.
 .TP