Split pki manual page.

The manual page for pki has been split into separate pages for each
command module to simplify reading and editing. The formatting have
been fixed to make it more consistent. The content of the manual
pages will be further improved in future patches.

Ticket #519

7 files changed, 621 insertions, 140 deletions

diff --git a/base/java-tools/man/man1/pki-cert.1 b/base/java-tools/man/man1/pki-cert.1
new file mode 100644
index 000000000..bde8bd2b2
--- /dev/null
+++ b/base/java-tools/man/man1/pki-cert.1
@@ -0,0 +1,159 @@
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH pki-cert 1 "May 5, 2014" "version 10.2" "PKI Certificate Management Commands" Dogtag Team
+.\" Please adjust this date whenever revising the man page.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh        disable hyphenation
+.\" .hy        enable hyphenation
+.\" .ad l      left justify
+.\" .ad b      justify to both left and right margins
+.\" .nf        disable filling
+.\" .fi        enable filling
+.\" .br        insert line break
+.\" .sp <n>    insert n+1 empty lines
+.\" for man page specific macros, see man(7)
+.SH NAME
+pki-cert \- Command-Line Interface for managing certificates on the Certificate System server.
+
+.SH SYNOPSIS
+.nf
+\fBpki\fR [CLI options] \fB<subsystem>-cert\fR
+\fBpki\fR [CLI options] \fB<subsystem>-cert-find\fR [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-cert-show\fR <certificate ID> [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-cert-revoke\fR <certificate ID> [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-cert-hold\fR <certificate ID> [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-cert-release-hold\fR <certificate ID> [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-cert-request-profile-find\fR [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-cert-request-profile-show\fR <profile ID> [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-cert-request-submit\fR [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-cert-request-review\fR <request ID> [command options]
+.fi
+
+.SH DESCRIPTION
+.PP
+The \fBpki-cert\fR commands provide command-line interfaces to manage certificates on the specified subsystem.
+.PP
+Valid subsystems are \fBca\fR and \fBtps\fR. If the <subsystem>- prefix is omitted, it will default to \fBca\fR.
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-cert\fR
+.RS 4
+This command is to list available certificate commands for the subsystem.
+Different subsystems may have different certificate commands.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-cert-find\fR [command options]
+.RS 4
+This command is to list certificates in the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-cert-show\fR <certificate ID> [command options]
+.RS 4
+This command is to view a certificate details in the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-cert-revoke\fR <certificate ID>
+.RS 4
+This command is to revoke a certificate.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-cert-hold\fR <certificate ID>
+.RS 4
+This command is to place a certificate on hold temporarily.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-cert-release-hold\fR <certificate ID>
+.RS 4
+This command is to release a certificate that has been placed on hold.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-cert-request-profile-find\fR [command options]
+.RS 4
+This command is to list available certificate request templates.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-cert-request-profile-show\fR <profile ID> [command options]
+.RS 4
+This command is to view a certificate request template.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-cert-request-submit\fR [command options]
+.RS 4
+This command is to submit a certificate request.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-cert-request-review\fR <request ID> [command options]
+.RS 4
+This command is to review a certificate request.
+.RE
+
+.SH OPTIONS
+The CLI options are described in \fBpki\fR(1).
+
+.SH OPERATIONS
+To view available certificate commands, type \fBpki <subsystem>-cert\fP. To view each command's usage, type \fB pki <subsystem>-cert-<command> --help\fP.
+
+.SS Viewing Certificates
+Certificates can be viewed anonymously.
+
+To list all certificates in the CA:
+
+.B pki ca-cert-find
+
+It is also possible to search for and list specific certificates by adding a search filter.  Use \fBpki ca-cert-find --help\fP to see options.  For example, to search based on issuance date:
+
+.B pki ca-cert-find --issuedOnFrom 2012-06-15
+
+To view a particular certificate:
+
+.B pki ca-cert-show <certificate ID>
+
+.SS Revoking Certificates
+Revoking, holding, or releasing a certificate must be executed as an agent user.
+To revoke a certificate:
+
+.B pki <agent authentication> ca-cert-revoke <certificate ID>
+
+To place a certificate on hold temporarily:
+
+.B pki <agent authentication> ca-cert-hold <certificate ID>
+
+To release a certificate that has been placed on hold:
+
+.B pki <agent authentication> ca-cert-release-hold <certificate ID>
+
+.SS Certificate Requests
+To request a certificate, first generate a certificate request in PKCS #10 or CRMF, and store this request in the XML template file, of the profile type the request relates to.
+
+The list of profiles can be viewed using the CLI command:
+
+.B pki ca-cert-request-profile-find
+
+The XML template file for a profile type can be created by calling the ca-cert-request-profile-show CLI command. For example:
+
+\fBpki ca-cert-request-profile-show <profileID> --output <file to store the XML template>\fP
+
+will store the XML template of the request in the specified output file.
+
+Then, fill in the values in the XML file and submit the request for review.  This can be done without authentication.
+
+.B pki ca-cert-request-submit <request file>
+
+Then, an agent needs to review the request by running the following command:
+
+.B pki <agent authentication> ca-cert-request-review <request ID> --file <file to store the certificate request>
+
+The certificate request, as well as the defaults and constraints of the enrollment profile, will be stored in the output file provided by the --file option.  The agent can examine the file and override any values if necessary.  To process the request, enter the appropriate action when prompted:
+
+.B Action (approve/reject/cancel/update/validate/assign/unassign):
+
+Alternatively, the agent can process the request in a single step with the following command:
+
+.B pki <agent authentication> ca-cert-request-review <request ID> --action <action>
+
+.SH AUTHORS
+Ade Lee <alee@redhat.com>, Endi Dewata <edewata@redhat.com>, and Matthew Harmsen <mharmsen@redhat.com>.
+
+.SH COPYRIGHT
+Copyright (c) 2014 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
diff --git a/base/java-tools/man/man1/pki-client.1 b/base/java-tools/man/man1/pki-client.1
new file mode 100644
index 000000000..b43be0ea5
--- /dev/null
+++ b/base/java-tools/man/man1/pki-client.1
@@ -0,0 +1,83 @@
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH pki-client 1 "May 5, 2014" "version 10.2" "PKI Client Security Database Management Commands" Dogtag Team
+.\" Please adjust this date whenever revising the man page.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh        disable hyphenation
+.\" .hy        enable hyphenation
+.\" .ad l      left justify
+.\" .ad b      justify to both left and right margins
+.\" .nf        disable filling
+.\" .fi        enable filling
+.\" .br        insert line break
+.\" .sp <n>    insert n+1 empty lines
+.\" for man page specific macros, see man(7)
+.SH NAME
+pki-client \- Command-Line Interface for managing the security database on Certificate System client.
+.SH SYNOPSIS
+.nf
+\fBpki\fR [CLI options] \fBclient\fR
+\fBpki\fR [CLI options] \fBclient-init\fR [command options]
+\fBpki\fR [CLI options] \fBclient-cert-find\fR [command options]
+\fBpki\fR [CLI options] \fBclient-cert-import\fR [command options]
+\fBpki\fR [CLI options] \fBclient-cert-del\fR [command options]
+.fi
+
+.SH DESCRIPTION
+.PP
+The \fBpki-client\fR commands provide command-line interfaces to manage the security database on the client's machine.
+.PP
+\fBpki\fR [CLI options] \fBclient\fR
+.RS 4
+This command is to list available client commands.
+.RE
+.PP
+\fBpki\fR [CLI options] \fBclient-init\fR [command options]
+.RS 4
+This command is to create a new security database for the client.
+.RE
+.PP
+\fBpki\fR [CLI options] \fBclient-cert-find\fR [command options]
+.RS 4
+This command is to list certificates in the client security database.
+.RE
+.PP
+\fBpki\fR [CLI options] \fBclient-cert-import\fR [command options]
+.RS 4
+This command is to view a certificate in the client security database.
+.RE
+.PP
+\fBpki\fR [CLI options] \fBclient-cert-del\fR [command options]
+.RS 4
+This command is to delete a certificate from the client security database.
+.RE
+
+.SH OPTIONS
+The CLI options are described in \fBpki\fR(1).
+
+.SH OPERATIONS
+To view available client commands, type \fBpki client\fP. To view each command's usage, type \fB pki client-<command> --help\fP.
+
+To create a new database execute the following command:
+
+.B pki -d <security database location> -c <security database password> client-init
+
+To view certificates in the security database:
+
+.B pki -d <security database location> -c <security database password> client-cert-find
+
+To import a certificate into the security database:
+
+.B pki -d <security database location> -c <security database password> -n <certificate nickname> client-cert-import --cert <certificate file>
+
+To delete a certificate from the security database:
+
+.B pki -d <security database location> -c <security database password> client-cert-del <certificate nickname>
+
+.SH AUTHORS
+Ade Lee <alee@redhat.com>, Endi Dewata <edewata@redhat.com>, and Matthew Harmsen <mharmsen@redhat.com>.
+
+.SH COPYRIGHT
+Copyright (c) 2014 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
diff --git a/base/java-tools/man/man1/pki-group.1 b/base/java-tools/man/man1/pki-group.1
new file mode 100644
index 000000000..d84033a18
--- /dev/null
+++ b/base/java-tools/man/man1/pki-group.1
@@ -0,0 +1,115 @@
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH pki-group 1 "May 5, 2014" "version 10.2" "PKI Group Management Commands" Dogtag Team
+.\" Please adjust this date whenever revising the man page.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh        disable hyphenation
+.\" .hy        enable hyphenation
+.\" .ad l      left justify
+.\" .ad b      justify to both left and right margins
+.\" .nf        disable filling
+.\" .fi        enable filling
+.\" .br        insert line break
+.\" .sp <n>    insert n+1 empty lines
+.\" for man page specific macros, see man(7)
+.SH NAME
+pki-group \- Command-Line Interface for managing Certificate System groups.
+
+.SH SYNOPSIS
+.nf
+\fBpki\fR [CLI options] \fB<subsystem>-group\fR
+\fBpki\fR [CLI options] \fB<subsystem>-group-find\fR [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-group-show\fR <group ID> [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-group-add\fR <group ID> [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-group-mod\fR <group ID> [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-group-del\fR <group ID> [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-group-member-add\fR <group ID> <member ID> [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-group-member-del\fR <group ID> <member ID> [command options]
+.fi
+
+.SH DESCRIPTION
+.PP
+The \fBpki-group\fR commands provide command-line interfaces to manage groups on the specified subsystem.
+.PP
+Valid subsystems are \fBca\fR, \fBkra\fR, \fBocsp\fR, \fBtks\fR, and \fBtps\fR.
+If the \fB<subsystem>-\fR prefix is omitted, it will default to \fBca\fR.
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-group\fR
+.RS 4
+This command is to list available group commands for the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-group-find\fR [command options]
+.RS 4
+This command is to list groups in the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-group-show\fR <group ID> [command options]
+.RS 4
+This command is to view a group details in the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-group-add\fR <group ID> [command options]
+.RS 4
+This command is to add a group into the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-group-mod\fR <group ID> [command options]
+.RS 4
+This command is to modify a group in the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-group-del\fR <group ID> [command options]
+.RS 4
+This command is to delete a group from the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-group-member-add\fR <group ID> <member ID> [command options]
+.RS 4
+This command is to add a member to a group.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-group-member-del\fR <group ID> <member ID> [command options]
+.RS 4
+This command is to delete a member from a group.
+.RE
+
+.SH OPTIONS
+The CLI options are described in \fBpki\fR(1).
+
+.SH OPERATIONS
+To view available group commands, type \fBpki <subsystem>-group\fP. To view each command's usage, type \fB pki <subsystem>-group-<command> --help\fP.
+
+All group commands must be executed as the subsystem administrator.
+
+To list groups in CA, use \fBpki ca-group-find\fP.  It is possible to select the page size to limit the number of entries returned.  To list all groups:
+
+.B pki <admin authentication> ca-group-find
+
+To view a particular group:
+
+.B pki <admin authentication> ca-group-show <group ID>
+
+To add a group:
+
+.B pki <admin authentication> ca-group-add <group ID> --description "description"
+
+To delete a group:
+
+.B pki <admin authentication> ca-group-del <group ID>
+
+To add a user to a group:
+
+.B pki <admin authentication> ca-group-member-add <group ID> <member ID>
+
+To delete a user from a group:
+
+.B pki <admin authentication> ca-group-member-del <group ID> <member ID>
+
+.SH AUTHORS
+Ade Lee <alee@redhat.com>, Endi Dewata <edewata@redhat.com>, and Matthew Harmsen <mharmsen@redhat.com>.
+
+.SH COPYRIGHT
+Copyright (c) 2014 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
diff --git a/base/java-tools/man/man1/pki-key.1 b/base/java-tools/man/man1/pki-key.1
new file mode 100644
index 000000000..d27d9369d
--- /dev/null
+++ b/base/java-tools/man/man1/pki-key.1
@@ -0,0 +1,60 @@
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH pki-key 1 "May 5, 2014" "version 10.2" "PKI Key Management Commands" Dogtag Team
+.\" Please adjust this date whenever revising the man page.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh        disable hyphenation
+.\" .hy        enable hyphenation
+.\" .ad l      left justify
+.\" .ad b      justify to both left and right margins
+.\" .nf        disable filling
+.\" .fi        enable filling
+.\" .br        insert line break
+.\" .sp <n>    insert n+1 empty lines
+.\" for man page specific macros, see man(7)
+.SH NAME
+pki-key \- Command-Line Interface for managing Certificate System keys.
+
+.SH SYNOPSIS
+.nf
+\fBpki\fR [CLI options] \fB<subsystem>-key\fR
+\fBpki\fR [CLI options] \fB<subsystem>-key-find\fR [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-key-request-find\fR [command options]
+.fi
+
+.SH DESCRIPTION
+.PP
+The \fBpki-key\fR commands provide command-line interfaces to manage keys on the KRA.
+.PP
+The only valid subsystem is \fBkra\fR. The \fB<subsystem>-\fR prefix may be omitted.
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-key\fR
+.RS 4
+This command is to list available key commands.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-key-find\fR [command options]
+.RS 4
+This command is to list keys.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-key-request-find\fR [command options]
+.RS 4
+This command is to list key requests.
+.RE
+
+.SH OPTIONS
+The CLI options are described in \fBpki\fR(1).
+
+.SH OPERATIONS
+To view available key commands, type \fBpki <subsystem>-key\fP. To view each command's usage, type \fB pki <subsystem>-key-<command> --help\fP.
+
+This will be documented in more detail at a later time.
+
+.SH AUTHORS
+Ade Lee <alee@redhat.com>, Endi Dewata <edewata@redhat.com>, and Matthew Harmsen <mharmsen@redhat.com>.
+
+.SH COPYRIGHT
+Copyright (c) 2014 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
diff --git a/base/java-tools/man/man1/pki-securitydomain.1 b/base/java-tools/man/man1/pki-securitydomain.1
new file mode 100644
index 000000000..d902d4703
--- /dev/null
+++ b/base/java-tools/man/man1/pki-securitydomain.1
@@ -0,0 +1,64 @@
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH pki-securitydomain 1 "May 5, 2014" "version 10.2" "PKI Security Domain Management Commands" Dogtag Team
+.\" Please adjust this date whenever revising the man page.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh        disable hyphenation
+.\" .hy        enable hyphenation
+.\" .ad l      left justify
+.\" .ad b      justify to both left and right margins
+.\" .nf        disable filling
+.\" .fi        enable filling
+.\" .br        insert line break
+.\" .sp <n>    insert n+1 empty lines
+.\" for man page specific macros, see man(7)
+.SH NAME
+pki-securitydomain \- Command-Line Interface for managing Certificate System security domain.
+
+.SH SYNOPSIS
+.nf
+\fBpki\fR [CLI options] \fBsecuritydomain\fR
+\fBpki\fR [CLI options] \fBsecuritydomain-get-install-token\fR [command options]
+\fBpki\fR [CLI options] \fBsecuritydomain-show\fR [command options]
+.fi
+
+.SH DESCRIPTION
+.PP
+The \fBpki-securitydomain\fR commands provide command-line interfaces to manage the security domain.
+.PP
+\fBpki\fR [CLI options] \fBsecuritydomain\fR
+.RS 4
+This command is to list available security domain commands.
+.RE
+.PP
+\fBpki\fR [CLI options] \fBsecuritydomain-get-install-token\fR [command options]
+.RS 4
+This command is to get an installation token.
+.RE
+.PP
+\fBpki\fR [CLI options] \fBsecuritydomain-show\fR [command options]
+.RS 4
+This command is to show the contents of the security domain.
+.RE
+
+.SH OPTIONS
+The CLI options are described in \fBpki\fR(1).
+
+.SH OPERATIONS
+To view available security domain commands, type \fBpki securitydomain\fP. To view each command's usage, type \fB pki securitydomain-<command> --help\fP.
+
+To get an installation token (used when installing a new subsystem within a security domain):
+
+\fBpki <security domain admin authentication> securitydomain-get-install-token --hostname <hostname> --subsystem <subsystem>\fP
+
+To show the contents of the security domain:
+
+\fBpki <security domain admin authentication> securitydomain-show\fP
+
+.SH AUTHORS
+Ade Lee <alee@redhat.com>, Endi Dewata <edewata@redhat.com>, and Matthew Harmsen <mharmsen@redhat.com>.
+
+.SH COPYRIGHT
+Copyright (c) 2014 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
diff --git a/base/java-tools/man/man1/pki-user.1 b/base/java-tools/man/man1/pki-user.1
new file mode 100644
index 000000000..a591047d3
--- /dev/null
+++ b/base/java-tools/man/man1/pki-user.1
@@ -0,0 +1,94 @@
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH pki-user 1 "May 5, 2014" "version 10.2" "PKI User Management Commands" Dogtag Team
+.\" Please adjust this date whenever revising the man page.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh        disable hyphenation
+.\" .hy        enable hyphenation
+.\" .ad l      left justify
+.\" .ad b      justify to both left and right margins
+.\" .nf        disable filling
+.\" .fi        enable filling
+.\" .br        insert line break
+.\" .sp <n>    insert n+1 empty lines
+.\" for man page specific macros, see man(7)
+.SH NAME
+pki-user \- Command-Line Interface for managing Certificate System users.
+
+.SH SYNOPSIS
+.nf
+\fBpki\fR [CLI options] \fB<subsystem>-user\fR
+\fBpki\fR [CLI options] \fB<subsystem>-user-find\fR [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-user-show\fR <user ID> [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-user-add\fR <user ID> [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-user-mod\fR <user ID> [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-user-del\fR <user ID> [command options]
+.fi
+
+.SH DESCRIPTION
+.PP
+The \fBpki-user\fR commands provide command-line interfaces to manage users on the specified subsystem.
+.PP
+Valid subsystems are \fBca\fR, \fBkra\fR, \fBocsp\fR, \fBtks\fR, and \fBtps\fR. If the \fB<subsystem>-\fR prefix is omitted, it will default to \fBca\fR.
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-user\fR
+.RS 4
+This command is to list available user commands for the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-user-find\fR [command options]
+.RS 4
+This command is to list users in the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-user-show\fR <user ID> [command options]
+.RS 4
+This command is to view a user details in the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-user-add\fR <user ID> [command options]
+.RS 4
+This command is to add a user into the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-user-mod\fR <user ID> [command options]
+.RS 4
+This command is to modify a user in the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-user-del\fR <user ID> [command options]
+.RS 4
+This command is to delete a user from the subsystem.
+.RE
+
+.SH OPTIONS
+The CLI options are described in \fBpki\fR(1).
+
+.SH OPERATIONS
+To view available user commands, type \fBpki <subsystem>-user\fP. To view each command's usage, type \fB pki <subsystem>-user-<command> --help\fP.
+
+All user commands must be executed as the subsystem administrator.
+
+To list users in CA, use \fBpki ca-user-find\fP.  It is possible to select the page size to limit the size of the results.  To list all users:
+
+.B pki <admin authentication> ca-user-find
+
+To view a particular user:
+
+.B pki <admin authentication> ca-user-show <user ID>
+
+To add a user:
+
+.B pki <admin authentication> ca-user-add <user ID> --fullName "<full name>"
+
+To delete a user:
+
+.B pki <admin authentication> ca-user-del <user ID>
+
+.SH AUTHORS
+Ade Lee <alee@redhat.com>, Endi Dewata <edewata@redhat.com>, and Matthew Harmsen <mharmsen@redhat.com>.
+
+.SH COPYRIGHT
+Copyright (c) 2014 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
diff --git a/base/java-tools/man/man1/pki.1 b/base/java-tools/man/man1/pki.1
index d7fe8b15a..7f57b0ef9 100644
--- a/base/java-tools/man/man1/pki.1
+++ b/base/java-tools/man/man1/pki.1
@@ -1,7 +1,7 @@
 .\" First parameter, NAME, should be all caps
 .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
 .\" other parameters are allowed: see man(7), man(1)
-.TH pki 1 "November 18, 2013" "version 10.1" "PKI Command-Line Interface (CLI)" Ade Lee
+.TH pki 1 "May 5, 2014" "version 10.2" "PKI Command-Line Interface (CLI)" Dogtag Team
 .\" Please adjust this date whenever revising the man page.
 .\"
 .\" Some roff macros, for reference:
@@ -18,14 +18,14 @@
 pki \- Command-Line Interface for accessing Certificate System services.
 
 .SH SYNOPSIS
-pki [CLI options] <command> [command arguments]
+\fBpki\fR [CLI options] <command> [command arguments]
 
 .SH DESCRIPTION
 .PP
-\fBpki\fR provides a command-line interface allowing clients to access various services on the Certificate System server.
+The \fBpki\fR command provides a command-line interface allowing clients to access various services on the Certificate System server.
 These services include certificates, groups, keys, security domains, and users.
   
-.SH OPTIONS
+.SH CLI OPTIONS
 .TP
 .B -c <security database password>
 Specifies the security database password.
@@ -34,7 +34,7 @@ Specifies the security database password.
 Specifies the security database location (default: ~/.dogtag/nssdb).
 .TP
 .B -h <hostname>
-Specifies the hostname (default: localhost).
+Specifies the hostname (default: hostname of the local machine).
 .TP
 .B --help
 Prints additional help information.
@@ -58,34 +58,21 @@ Specifies the username.
 Displays verbose information.
 .TP
 .B --version
-Displays 'pki' CLI version information.
+Displays CLI version information.
 .TP
 .B -w <password>
 Specifies the user password.
 
 .SH OPERATIONS
-To view available commands and options, simply type \fBpki\fP.  Some commands have sub-commands. To view the sub-commands, type \fBpki <command>\fP.  To view each command's usage, type \fB pki <command> --help\fP.
+To view available commands and options, simply type \fBpki\fP.  Some commands have sub-commands.
+To view the sub-commands, type \fBpki <command>\fP.
+To view each command's usage, type \fB pki <command> --help\fP.
 
-.SS Security Database
-
-The CLI uses a security database to store keys and certificates on the client side. To create a new database execute the following command:
-
-.B pki -d <security database location> -c <security database password> client-init
-
-To view certificates in the security database:
-
-.B pki -d <security database location> -c <security database password> client-cert-find
-
-To import a certificate into the security database:
-
-.B pki -d <security database location> -c <security database password> -n <certificate nickname> client-cert-import --cert <certificate file>
-
-To delete a certificate from the security database:
-
-.B pki -d <security database location> -c <security database password> client-cert-del <certificate nickname>
+A client security database is needed to execute commands that require SSL connection or client certificate
+for authentication. See \fBpki-client\fR(1) for more information.
 
 .SS Connection
-By default, the CLI connects to a server running on the localhost via the non-secure HTTP port 8080.  To specify a different server location, use the appropriate arguments to give a different host (\fB-h\fP), port (\fB-p\fP), or connection protocol (\fB-P\fP).
+By default, the CLI connects to a server running on the local machine via the non-secure HTTP port 8080.  To specify a different server location, use the appropriate arguments to give a different host (\fB-h\fP), port (\fB-p\fP), or connection protocol (\fB-P\fP).
 
 .B pki -P <protocol> -h <hostname> -p <port> <command>
 
@@ -110,129 +97,48 @@ To authenticate with a client certificate:
 
 .B pki -d <security database location> -c <security database password> -n <certificate nickname> <command>
     
-.SS Viewing Certificates
-Certificates can be viewed anonymously.
-
-To list all certificates in the CA:
-
-.B pki ca-cert-find
-
-It is also possible to search for and list specific certificates by adding a search filter.  Use \fBpki ca-cert-find --help\fP to see options.  For example, to search based on issuance date:
-
-.B pki ca-cert-find --issuedOnFrom 2012-06-15
-
-To view a particular certificate:
-
-.B pki ca-cert-show <certificate ID>
-
-.SS Revoking Certificates
-Revoking, holding, or releasing a certificate must be executed as an agent user.
-To revoke a certificate:
-
-.B pki <agent authentication> ca-cert-revoke <certificate ID>
-
-To place a certificate on hold temporarily:
-
-.B pki <agent authentication> ca-cert-hold <certificate ID>
-
-To release a certificate that has been placed on hold:
-
-.B pki <agent authentication> ca-cert-release-hold <certificate ID>
-
-.SS Certificate Requests
-To request a certificate, first generate a certificate request in PKCS #10 or CRMF, and store this request in the XML template file, of the profile type the request relates to.
-
-The list of profiles can be viewed using the CLI command:  
-
-.B pki ca-cert-request-profile-find
-
-The XML template file for a profile type can be created by calling the ca-cert-request-profile-show CLI command. For example:
-
-\fBpki ca-cert-request-profile-show <profileID> --output <file to store the XML template>\fP
-
-will store the XML template of the request in the specified output file.
-
-Then, fill in the values in the XML file and submit the request for review.  This can be done without authentication.
-
-.B pki ca-cert-request-submit <request file>
-
-Then, an agent needs to review the request by running the following command:
-
-.B pki <agent authentication> ca-cert-request-review <request ID> --file <file to store the certificate request>
-
-The certificate request, as well as the defaults and constraints of the enrollment profile, will be stored in the output file provided by the --file option.  The agent can examine the file and override any values if necessary.  To process the request, enter the appropriate action when prompted:
-
-.B Action (approve/reject/cancel/update/validate/assign/unassign):
-
-Alternatively, the agent can process the request in a single step with the following command:
-
-.B pki <agent authentication> ca-cert-request-review <request ID> --action <action>
-
-.SS Group Management Commands
-All group commands must be executed as the subsystem administrator. Type \fBpki <subsystem>-group\fP to view all group management commands for the subsystem.
-
-To list groups in CA, use \fBpki ca-group-find\fP.  It is possible to select the page size to limit the number of entries returned.  To list all groups:
-
-.B pki <admin authentication> ca-group-find
-
-To view a particular group:
-
-.B pki <admin authentication> ca-group-show <group ID>
-
-To add a group:
-
-.B pki <admin authentication> ca-group-add <group ID> --description "description"
-
-To delete a group:
-
-.B pki <admin authentication> ca-group-del <group ID>
-
-To add a user to a group:
-
-.B pki <admin authentication> ca-group-member-add <group ID> <Member ID>
-
-To delete a user from a group:
-
-.B pki <admin authentication> ca-group-member-del <group ID> <Member ID>
-
-.\".SS Key Management Commands
-.\"\fBpki\fP can be used with a KRA to find specific keys and key requests.  This will be documented in more detail at a later time.
-
-.SS Security Domain Commands
-\fBpki\fP can be used to access certain information from the security domain.
-
-To get an installation token (used when installing a new subsystem within a security domain):
-
-\fBpki <security domain admin authentication> securitydomain-get-install-token --hostname <hostname> --subsystem <subsystem>\fP
-
-To show the contents of the security domain:
-
-\fBpki <security domain admin authentication> securitydomain-show\fP
-
-.SS User Management Commands
-All user commands must be executed as the subsystem administrator. Type \fBpki <subsystem>-user\fP to view all user management commands for the subsystem.
-
-To list users in CA, use \fBpki ca-user-find\fP.  It is possible to select the page size to limit the size of the results.  To list all users:
-
-.B pki <admin authentication> ca-user-find
-
-To view a particular user:
+.SH FILES
+.I /usr/bin/pki
 
-.B pki <admin authentication> ca-user-show <user ID>
+.SH SEE ALSO
+.PP
+\fBpki-cert\fR(1)
+.RS 4
+Certificate management commands
+.RE
 
-To add a user:
+.PP
+\fBpki-client\fR(1)
+.RS 4
+Client security database management commands
+.RE
 
-.B pki <admin authentication> ca-user-add <user ID> --fullName "<full name>"
+.PP
+\fBpki-group\fR(1)
+.RS 4
+Group management commands
+.RE
 
-To delete a user:
+.PP
+\fBpki-key\fR(1)
+.RS 4
+Key management commands
+.RE
 
-.B pki <admin authentication> ca-user-del <user ID>
+.PP
+\fBpki-securitydomain\fR(1)
+.RS 4
+Security domain management commands
+.RE
 
-.SH FILES
-.I /usr/bin/pki
+.PP
+\fBpki-user\fR(1)
+.RS 4
+User management commands
+.RE
 
 .SH AUTHORS
-Ade Lee <alee@redhat.com>, Endi Dewata <edewata@redhat.com>, and Matthew Harmsen <mharmsen@redhat.com>.  \fBpki\fP was written by the Dogtag project.
+Ade Lee <alee@redhat.com>, Endi Dewata <edewata@redhat.com>, and Matthew Harmsen <mharmsen@redhat.com>.
 
 .SH COPYRIGHT
 Copyright (c) 2012 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.