diff options
author | Endi S. Dewata <edewata@redhat.com> | 2015-11-17 05:08:51 +0100 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2015-11-25 22:45:25 +0100 |
commit | 3294f5087997427d060bce85d033652f7a8431da (patch) | |
tree | 047bbe1a14c2350731e5debf32ddb173f35e1a01 /base/java-tools | |
parent | 20c985ae773b26f653cac6d22bd9d93923e18c8e (diff) | |
download | pki-3294f5087997427d060bce85d033652f7a8431da.tar.gz pki-3294f5087997427d060bce85d033652f7a8431da.tar.xz pki-3294f5087997427d060bce85d033652f7a8431da.zip |
Updated pki-cert and pki-server-subsystem man pages.
The pki-cert and pki-server-subsystem man pages have been updated
to include recent changes.
https://fedorahosted.org/pki/ticket/456
Diffstat (limited to 'base/java-tools')
-rw-r--r-- | base/java-tools/man/man1/pki-cert.1 | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/base/java-tools/man/man1/pki-cert.1 b/base/java-tools/man/man1/pki-cert.1 index ffa1fea5d..7ece1ad7b 100644 --- a/base/java-tools/man/man1/pki-cert.1 +++ b/base/java-tools/man/man1/pki-cert.1 @@ -191,23 +191,32 @@ To release a certificate that has been placed on hold: .B pki <agent authentication> ca-cert-release-hold <certificate ID> .SS Certificate Requests -To request a certificate, first generate a certificate request in PKCS #10 or CRMF, and store this request in the XML template file, of the profile type the request relates to. -The list of profiles can be viewed using the CLI command: +To request a certificate, first generate a certificate signing request (CSR), +then submit it with a certificate profile. The list of available profiles can +be viewed using the following command: .B pki ca-cert-request-profile-find -The XML template file for a profile type can be created by calling the ca-cert-request-profile-show CLI command. For example: +To generate a CSR, use the certutil, PKCS10Client, or +CRMFPopClient, and store it into a file. -\fBpki ca-cert-request-profile-show <profileID> \-\-output <file to store the XML template>\fP +Basic requests can be submitted using the following command: -will store the XML template of the request in the specified output file. +.B pki ca-cert-request-submit --profile <profile ID> --request-type <type> --csr-file <CSR file> --subject <subject DN> -Then, fill in the values in the XML file and submit the request for review. This can be done without authentication. +To submit more advanced requests, download a template of the request file for +a particular profile using the following command: + +.B pki ca-cert-request-profile-show <profile ID> \-\-output <request file> + +Then, edit the request file, fill in the input attributes required by the +profile, and submit the request using the following command: .B pki ca-cert-request-submit <request file> -Then, an agent needs to review the request by running the following command: +Depending on the profile, an agent may need to review the request by running +the following command: .B pki <agent authentication> ca-cert-request-review <request ID> --file <file to store the certificate request> |