author | Endi S. Dewata <edewata@redhat.com> | 2013-11-18 11:24:46 -0500 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2013-11-19 14:18:12 -0500 |
commit | 23c1fa50ea823dff082898872596752150a99837 (patch) | |
tree | f1955f9911ce25c9ba14c481a01eb1f067e92e18 | |
parent | 94a964ac6285683a90f2f5cd484a6cc4fc25f82f (diff) | |
Updated pki CLI man page.
The man page for pki CLI has been updated to include the commands
for managing the client security database.
-rw-r--r-- | base/java-tools/man/man1/pki.1 | 37 | ||||
-rw-r--r-- | base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java | 18 | ||||
-rw-r--r-- | base/java-tools/src/com/netscape/cmstools/client/ClientInitCLI.java | 4 |
3 files changed, 39 insertions, 20 deletions
diff --git a/base/java-tools/man/man1/pki.1 b/base/java-tools/man/man1/pki.1
index 966e2ee6f..d7fe8b15a 100644
--- a/base/java-tools/man/man1/pki.1
+++ b/base/java-tools/man/man1/pki.1
@@ -1,7 +1,7 @@
 .\" First parameter, NAME, should be all caps
 .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
 .\" other parameters are allowed: see man(7), man(1)
-.TH pki 1 "November 5, 2013" "version 10.1" "PKI Command-Line Interface (CLI) Tools" Ade Lee
+.TH pki 1 "November 18, 2013" "version 10.1" "PKI Command-Line Interface (CLI)" Ade Lee
 .\" Please adjust this date whenever revising the man page.
 .\"
 .\" Some roff macros, for reference:
@@ -15,22 +15,23 @@
 .\" .sp <n> insert n+1 empty lines
 .\" for man page specific macros, see man(7)
 .SH NAME
-pki \- Command-Line Interface Tool for accessing Certificate System Servers.
+pki \- Command-Line Interface for accessing Certificate System services.
 .SH SYNOPSIS
 pki [CLI options] <command> [command arguments]
 .SH DESCRIPTION
 .PP
-\fBpki\fR provides a command-line interface to Certificate System Servers, allowing administrators to manage certificates, groups, keys, security domains, and users.
+\fBpki\fR provides a command-line interface allowing clients to access various services on the Certificate System server.
+These services include certificates, groups, keys, security domains, and users.
 .SH OPTIONS
 .TP
-.B -c <database password>
-Specifies the certificate database password.
+.B -c <security database password>
+Specifies the security database password.
 .TP
-.B -d <database>
-Specifies the certificate database to be used.
+.B -d <security database location>
+Specifies the security database location (default: ~/.dogtag/nssdb).
 .TP
 .B -h <hostname>
 Specifies the hostname (default: localhost).
@@ -65,8 +66,26 @@ Specifies the user password.
 .SH OPERATIONS
 To view available commands and options, simply type \fBpki\fP. Some commands have sub-commands. To view the sub-commands, type \fBpki <command>\fP. To view each command's usage, type \fB pki <command> --help\fP.
+.SS Security Database
+
+The CLI uses a security database to store keys and certificates on the client side. To create a new database execute the following command:
+
+.B pki -d <security database location> -c <security database password> client-init
+
+To view certificates in the security database:
+
+.B pki -d <security database location> -c <security database password> client-cert-find
+
+To import a certificate into the security database:
+
+.B pki -d <security database location> -c <security database password> -n <certificate nickname> client-cert-import --cert <certificate file>
+
+To delete a certificate from the security database:
+
+.B pki -d <security database location> -c <security database password> client-cert-del <certificate nickname>
+
 .SS Connection
-By default, the \fBpki\fP client connects to a server running on the localhost via the non-secure HTTP port 8080. To specify a different server location, use the appropriate arguments to give a different host (\fB-h\fP), port (\fB-p\fP), or connection protocol (\fB-P\fP).
+By default, the CLI connects to a server running on the localhost via the non-secure HTTP port 8080. To specify a different server location, use the appropriate arguments to give a different host (\fB-h\fP), port (\fB-p\fP), or connection protocol (\fB-P\fP).
 .B pki -P <protocol> -h <hostname> -p <port> <command>
@@ -89,7 +108,7 @@ To authenticate with a username and password:
 To authenticate with a client certificate:
-.B pki -d <certificate database directory> -c <certificate database password> -n "<certificate nickname>" <command>
+.B pki -d <security database location> -c <security database password> -n <certificate nickname> <command>
 .SS Viewing Certificates
 Certificates can be viewed anonymously.
diff --git a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
index 7de46a06c..082c8140b 100644
--- a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
@@ -153,11 +153,11 @@ public class MainCLI extends CLI {
 option.setArgName("type");
 options.addOption(option);
- option = new Option("d", true, "Certificate database location (default: ~/.dogtag/nssdb)");
+ option = new Option("d", true, "Security database location (default: ~/.dogtag/nssdb)");
 option.setArgName("database");
 options.addOption(option);
- option = new Option("c", true, "Certificate database password");
+ option = new Option("c", true, "Security database password");
 option.setArgName("password");
 options.addOption(option);
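Review bot: The `-c` option in the `@@ -153,11` hunk takes the security database password as a command-line argument, and neither the help string nor a comment warns that argv values are visible to other local users in the process list and usually land in shell history. The man page added in this commit says this database stores the client's keys, so the option deserves a comment such as `// NOTE: -c exposes the password via argv; prefer an interactive prompt when it is omitted`, and the help text could say so as well, e.g. `"Security database password (visible in process list)"`. The same concern applies to the `getCertPassword() == null` check in ClientInitCLI.java (`@@ -61,7`), which exits with an error rather than prompting when no password was given. The method that builds the options starts and ends outside this hunk.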
@@ -241,17 +241,17 @@ public class MainCLI extends CLI {
 convertCertStatusList(list, ignoredCertStatuses);
 if (config.getCertDatabase() == null) {
- // Use default certificate database
+ // Use default security database
 this.certDatabase = new File( System.getProperty("user.home") + File.separator + ".dogtag" + File.separator + "nssdb");
 } else {
- // Use existing certificate database
+ // Use existing security database
 this.certDatabase = new File(config.getCertDatabase());
 }
- if (verbose) System.out.println("Certificate database: "+this.certDatabase.getAbsolutePath());
+ if (verbose) System.out.println("Security database: "+this.certDatabase.getAbsolutePath());
 }
 public void convertCertStatusList(String list, Collection<Integer> statuses) throws Exception {
@@ -273,12 +273,12 @@ public class MainCLI extends CLI {
 public void init() throws Exception {
- // Main program should initialize certificate database
+ // Main program should initialize security database
 if (certDatabase.exists()) {
 CryptoManager.initialize(certDatabase.getAbsolutePath());
 }
- // If password is specified, use password to access client database
+ // If password is specified, use password to access security database
 if (config.getCertPassword() != null) {
 try {
 CryptoManager manager = CryptoManager.getInstance();
@@ -288,11 +288,11 @@ public class MainCLI extends CLI {
 } catch (NotInitializedException e) {
 // The original exception doesn't contain a message.
- throw new Error("Certificate database not initialized.");
+ throw new Error("Security database does not exist.");
 } catch (IncorrectPasswordException e) {
 // The original exception doesn't contain a message.
- throw new IncorrectPasswordException("Incorrect security database password.");
+ throw new IncorrectPasswordException("Incorrect security database password.");
 }
 }
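Review bot: Both rethrows in the `@@ -288,11` hunk discard the caught exception, so the original stack trace is lost once the message is replaced. For the first one the cause can be chained with `throw new Error("Security database does not exist.", e);`, and appending `certDatabase.getAbsolutePath()` to the message would tell the user which location was checked. The new wording also assumes that `NotInitializedException` can only come from `CryptoManager.initialize()` being skipped when `certDatabase.exists()` is false in the `@@ -273,12` hunk. That looks right from the visible lines, but part of `init()` lies outside the hunks, so it is worth confirming. Throwing `java.lang.Error` for a condition caused by user input is also unusual; an ordinary exception type would let callers handle it.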
diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientInitCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientInitCLI.java
index 34c9b7792..94fd48231 100644
--- a/base/java-tools/src/com/netscape/cmstools/client/ClientInitCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/client/ClientInitCLI.java
@@ -61,7 +61,7 @@ public class ClientInitCLI extends CLI {
 MainCLI mainCLI = (MainCLI)parent.getParent();
 if (mainCLI.config.getCertPassword() == null) {
- System.err.println("Error: Certificate database password is required.");
+ System.err.println("Error: Security database password is required.");
 System.exit(1);
 }
@@ -71,7 +71,7 @@ public class ClientInitCLI extends CLI {
 if (certDatabase.exists()) {
 if (!force) {
- System.out.print("Certificate database already exists. Overwrite (y/N)? ");
+ System.out.print("Security database already exists. Overwrite (y/N)? ");
 System.out.flush();
 BufferedReader reader = new BufferedReader(new InputStreamReader(System.in)); |