summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEndi S. Dewata <edewata@redhat.com>2015-11-17 05:08:51 +0100
committerMatthew Harmsen <mharmsen@pki.usersys.redhat.com>2016-02-22 20:19:38 -0700
commit71d4bc1b5b73c34622adfacf3105d2fc8feb1aa1 (patch)
tree8b3a2264aeec3fdea889cf3400fd29eea8b2864e
parentbc0de424aa8c56d2278e41b7786ca202b7e64cc3 (diff)
downloadpki-71d4bc1b5b73c34622adfacf3105d2fc8feb1aa1.tar.gz
pki-71d4bc1b5b73c34622adfacf3105d2fc8feb1aa1.tar.xz
pki-71d4bc1b5b73c34622adfacf3105d2fc8feb1aa1.zip
Updated pki-cert and pki-server-subsystem man pages.
The pki-cert and pki-server-subsystem man pages have been updated to include recent changes. https://fedorahosted.org/pki/ticket/456 (cherry picked from commit 3294f5087997427d060bce85d033652f7a8431da)
-rw-r--r--base/java-tools/man/man1/pki-cert.123
-rw-r--r--base/server/man/man8/pki-server-subsystem.826
2 files changed, 41 insertions, 8 deletions
diff --git a/base/java-tools/man/man1/pki-cert.1 b/base/java-tools/man/man1/pki-cert.1
index ffa1fea5d..7ece1ad7b 100644
--- a/base/java-tools/man/man1/pki-cert.1
+++ b/base/java-tools/man/man1/pki-cert.1
@@ -191,23 +191,32 @@ To release a certificate that has been placed on hold:
.B pki <agent authentication> ca-cert-release-hold <certificate ID>
.SS Certificate Requests
-To request a certificate, first generate a certificate request in PKCS #10 or CRMF, and store this request in the XML template file, of the profile type the request relates to.
-The list of profiles can be viewed using the CLI command:
+To request a certificate, first generate a certificate signing request (CSR),
+then submit it with a certificate profile. The list of available profiles can
+be viewed using the following command:
.B pki ca-cert-request-profile-find
-The XML template file for a profile type can be created by calling the ca-cert-request-profile-show CLI command. For example:
+To generate a CSR, use the certutil, PKCS10Client, or
+CRMFPopClient, and store it into a file.
-\fBpki ca-cert-request-profile-show <profileID> \-\-output <file to store the XML template>\fP
+Basic requests can be submitted using the following command:
-will store the XML template of the request in the specified output file.
+.B pki ca-cert-request-submit --profile <profile ID> --request-type <type> --csr-file <CSR file> --subject <subject DN>
-Then, fill in the values in the XML file and submit the request for review. This can be done without authentication.
+To submit more advanced requests, download a template of the request file for
+a particular profile using the following command:
+
+.B pki ca-cert-request-profile-show <profile ID> \-\-output <request file>
+
+Then, edit the request file, fill in the input attributes required by the
+profile, and submit the request using the following command:
.B pki ca-cert-request-submit <request file>
-Then, an agent needs to review the request by running the following command:
+Depending on the profile, an agent may need to review the request by running
+the following command:
.B pki <agent authentication> ca-cert-request-review <request ID> --file <file to store the certificate request>
diff --git a/base/server/man/man8/pki-server-subsystem.8 b/base/server/man/man8/pki-server-subsystem.8
index 04d57f5ac..719982c51 100644
--- a/base/server/man/man8/pki-server-subsystem.8
+++ b/base/server/man/man8/pki-server-subsystem.8
@@ -24,6 +24,10 @@ pki-server subsystem \- Command-Line Interface for managing Certificate System s
\fBpki-server [CLI options] subsystem-show\fR -i <instance ID> <subsystem ID>
\fBpki-server [CLI options] subsystem-enable\fR -i <instance ID> <subsystem ID>
\fBpki-server [CLI options] subsystem-disable\fR -i <instance ID> <subsystem ID>
+\fBpki-server [CLI options] subsystem-cert-find\fR -i <instance ID> <subsystem ID>
+\fBpki-server [CLI options] subsystem-cert-show\fR -i <instance ID> <subsystem ID> <cert ID>
+\fBpki-server [CLI options] subsystem-cert-export\fR -i <instance ID> <subsystem ID> <cert ID>
+\fBpki-server [CLI options] subsystem-cert-update\fR -i <instance ID> <subsystem ID> <cert ID>
.fi
.SH DESCRIPTION
@@ -53,7 +57,7 @@ This command is to list subsystems within a specific instance.
.PP
\fBpki-server [CLI options] subsystem-show\fR -i <instance ID> <subsystem ID>
.RS 4
-This command is to view a details about a particular subsystem.
+This command is to view the details about a particular subsystem.
.RE
.PP
\fBpki-server [CLI options] subsystem-enable\fR -i <instance ID> <subsystem ID>
@@ -78,6 +82,26 @@ through the web interfaces. This is useful when specific subsystems need to be
made inaccessible for maintenance as Apache Tomcat allows web applications to be
deployed/undeployed while the instance is still running (hot deployment).
.RE
+.PP
+\fBpki-server [CLI options] subsystem-cert-find\fR -i <instance ID> <subsystem ID>
+.RS 4
+This command is to list system certificates in a particular subsystem.
+.RE
+.PP
+\fBpki-server [CLI options] subsystem-cert-show\fR -i <instance ID> <subsystem ID> <cert ID>
+.RS 4
+This command is to view the details about a system certificate in a particular subsystem.
+.RE
+.PP
+\fBpki-server [CLI options] subsystem-cert-export\fR -i <instance ID> <subsystem ID> <cert ID>
+.RS 4
+This command is to export a system certificate in a particular subsystem.
+.RE
+.PP
+\fBpki-server [CLI options] subsystem-cert-update\fR -i <instance ID> <subsystem ID> <cert ID>
+.RS 4
+This command is to update a system certificate in a particular subsystem.
+.RE
.SH OPTIONS
The CLI options are described in \fBpki-server\fR(8).