diff options
author | Rob Crittenden <rcrit@ipa.greyoak.com> | 2008-07-11 11:34:29 -0400 |
---|---|---|
committer | Rob Crittenden <rcrit@ipa.greyoak.com> | 2008-07-14 09:06:52 -0400 |
commit | 6980b073035cdd43b30b58aba3ce7f84f16a14ad (patch) | |
tree | 2e291b420d42ad02df9221fb4036bb22698463df /ipa-server/man | |
parent | b95c05f5c6a9977e6bb02d091a601efb3bcf360e (diff) | |
download | freeipa-6980b073035cdd43b30b58aba3ce7f84f16a14ad.tar.gz freeipa-6980b073035cdd43b30b58aba3ce7f84f16a14ad.tar.xz freeipa-6980b073035cdd43b30b58aba3ce7f84f16a14ad.zip |
Rework the way SSL certificates are imported from PKCS#12 files.
Add the ability to provide PKCS#12 files during initial installation
Add the ability to provide PKCS#12 files when preparing a replica
Correct some issues with ipa-server-certinstall
452402
Diffstat (limited to 'ipa-server/man')
-rw-r--r-- | ipa-server/man/ipa-replica-prepare.1 | 13 | ||||
-rw-r--r-- | ipa-server/man/ipa-server-certinstall.1 | 9 | ||||
-rw-r--r-- | ipa-server/man/ipa-server-install.1 | 15 |
3 files changed, 34 insertions, 3 deletions
diff --git a/ipa-server/man/ipa-replica-prepare.1 b/ipa-server/man/ipa-replica-prepare.1 index b04bb665f..8eb49444a 100644 --- a/ipa-server/man/ipa-replica-prepare.1 +++ b/ipa-server/man/ipa-replica-prepare.1 @@ -29,6 +29,19 @@ A replica can only be created on an IPA server installed with ipa\-server\-insta You must provide the fully\-qualified hostname of the machine you want to install the replica on and a host\-specific replica_file will be created. It is host\-specific because SSL server certificates are generated as part of the process and they are specific to a particular hostname. Once the file has been created it will be named replica\-hostname. This file can then be moved across the network to the target machine and a new IPA replica setup by running ipa\-replica\-install replica\-hostname. +.SH "OPTIONS" +.TP +\fB\-\-dirsrv_pkcs12\fR=\fIFILE\fR +PKCS#12 file containing the Directory Server SSL Certificate +.TP +\fB\-\-http_pkcs12\fR=\fIFILE\fR +PKCS#12 file containing the Apache Server SSL Certificate +.TP +\fB\-\-dirsrv_pin\fR=\fIDIRSRV_PIN\fR +The password of the Directory Server PKCS#12 file +.TP +\fB\-\-http_pin\fR=\fIHTTP_PIN\fR +The password of the Apache Server PKCS#12 file .SH "EXIT STATUS" 0 if the command was successful diff --git a/ipa-server/man/ipa-server-certinstall.1 b/ipa-server/man/ipa-server-certinstall.1 index 950676966..946ab9f80 100644 --- a/ipa-server/man/ipa-server-certinstall.1 +++ b/ipa-server/man/ipa-server-certinstall.1 @@ -26,8 +26,9 @@ Replace the current SSL Directory and/or Apache server certificate(s) with the c PKCS#12 is a file format used to safely transport SSL certificates and public/private keypairs. -They may be generated and managed using the NSS pk12util command or the OpeNSSL pkcs12 command. +They may be generated and managed using the NSS pk12util command or the OpenSSL pkcs12 command. +The service(s) are not automatically restarted. In order to use the newly installed certificate(s) you will need to manually restart the Directory and/or Apache servers. .SH "OPTIONS" .TP \fB\-d\fR, \fB\-\-dirsrv\fR @@ -35,6 +36,12 @@ Install the certificate on the Directory Server .TP \fB\-w\fR, \fB\-\-http\fR Install the certificate in the Apache Web Server +.TP +\fB\-\-dirsrv_pin\fR=\fIDIRSRV_PIN\fR +The password of the Directory Server PKCS#12 file +.TP +\fB\-\-http_pin\fR=\fIHTTP_PIN\fR +The password of the Apache Server PKCS#12 file .SH "EXIT STATUS" 0 if the installation was successful diff --git a/ipa-server/man/ipa-server-install.1 b/ipa-server/man/ipa-server-install.1 index 9fa06c77e..8854f4e56 100644 --- a/ipa-server/man/ipa-server-install.1 +++ b/ipa-server/man/ipa-server-install.1 @@ -60,10 +60,21 @@ Generate a DNS zone file that contains auto\-discovery records for this IPA serv .TP \fB\-n\fR, \fB\-\-no\-ntp\fR Do not configure NTP -<fb>\-U\fR, \fB\-\-uninstall\fR +\fB\-U\fR, \fB\-\-uninstall\fR Uninstall an existing IPA installation +.TP +\fB\-\-dirsrv_pkcs12\fR=\fIFILE\fR +PKCS#12 file containing the Directory Server SSL Certificate +.TP +\fB\-\-http_pkcs12\fR=\fIFILE\fR +PKCS#12 file containing the Apache Server SSL Certificate +.TP +\fB\-\-dirsrv_pin\fR=\fIDIRSRV_PIN\fR +The password of the Directory Server PKCS#12 file +.TP +\fB\-\-http_pin\fR=\fIHTTP_PIN\fR +The password of the Apache Server PKCS#12 file .PP -By default the full name, home Directory and login shell and username fields are displayed. .SH "EXIT STATUS" 0 if the installation was successful |