From 8bbdfff102849c0f573e56530a734643a568e0dd Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Fri, 13 Jun 2014 14:49:29 +0200 Subject: Allow adding CA certificates to certificate store in ipa-cacert-manage. Part of https://fedorahosted.org/freeipa/ticket/3737 Reviewed-By: Rob Crittenden --- install/tools/man/ipa-cacert-manage.1 | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'install') diff --git a/install/tools/man/ipa-cacert-manage.1 b/install/tools/man/ipa-cacert-manage.1 index cf42b2457..3006be7fc 100644 --- a/install/tools/man/ipa-cacert-manage.1 +++ b/install/tools/man/ipa-cacert-manage.1 @@ -37,6 +37,13 @@ When the IPA CA is subordinate of an external CA, the renewal process involves s .sp When the IPA CA is not configured, this command is not available. .RE +.TP +\fBinstall\fR +\- Install a CA certificate +.sp +.RS +This command can be used to install new CA certificate to IPA. +.RE .SH "OPTIONS" .TP \fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR @@ -54,6 +61,22 @@ PEM file containing a certificate signed by the external CA. Must be given with \fB\-\-external\-ca\-file\fR=\fIFILE\fR PEM file containing the external CA chain. .TP +\fB\-n\fR \fINICKNAME\fR, \fB\-\-nickname\fR=\fINICKNAME\fR +Nickname for the certificate. +.TP +\fB\-t\fR \fITRUST_FLAGS\fR, \fB\-\-trust\-flags\fR=\fITRUST_FLAGS\fR +Trust flags for the certificate in certutil format. Trust flags are of the form "X,Y,Z" where X is for SSL, Y is for S/MIME, and Z is for code signing. Use ",," for no explicit trust. +.sp +The supported trust flags are: +.RS +.IP +C \- CA trusted to issue server certificates +.IP +T \- CA trusted to issue client certificates +.IP +p \- not trusted +.RE +.TP \fB\-v\fR, \fB\-\-verbose\fR Print debugging information. .TP -- cgit