diff options
-rw-r--r-- | base/java-tools/man/man1/pki-cert.1 | 23 | ||||
-rw-r--r-- | base/server/man/man8/pki-server-subsystem.8 | 26 |
2 files changed, 41 insertions, 8 deletions
diff --git a/base/java-tools/man/man1/pki-cert.1 b/base/java-tools/man/man1/pki-cert.1 index ffa1fea5d..7ece1ad7b 100644 --- a/base/java-tools/man/man1/pki-cert.1 +++ b/base/java-tools/man/man1/pki-cert.1 @@ -191,23 +191,32 @@ To release a certificate that has been placed on hold: .B pki <agent authentication> ca-cert-release-hold <certificate ID> .SS Certificate Requests -To request a certificate, first generate a certificate request in PKCS #10 or CRMF, and store this request in the XML template file, of the profile type the request relates to. -The list of profiles can be viewed using the CLI command: +To request a certificate, first generate a certificate signing request (CSR), +then submit it with a certificate profile. The list of available profiles can +be viewed using the following command: .B pki ca-cert-request-profile-find -The XML template file for a profile type can be created by calling the ca-cert-request-profile-show CLI command. For example: +To generate a CSR, use the certutil, PKCS10Client, or +CRMFPopClient, and store it into a file. -\fBpki ca-cert-request-profile-show <profileID> \-\-output <file to store the XML template>\fP +Basic requests can be submitted using the following command: -will store the XML template of the request in the specified output file. +.B pki ca-cert-request-submit --profile <profile ID> --request-type <type> --csr-file <CSR file> --subject <subject DN> -Then, fill in the values in the XML file and submit the request for review. This can be done without authentication. +To submit more advanced requests, download a template of the request file for +a particular profile using the following command: + +.B pki ca-cert-request-profile-show <profile ID> \-\-output <request file> + +Then, edit the request file, fill in the input attributes required by the +profile, and submit the request using the following command: .B pki ca-cert-request-submit <request file> -Then, an agent needs to review the request by running the following command: +Depending on the profile, an agent may need to review the request by running +the following command: .B pki <agent authentication> ca-cert-request-review <request ID> --file <file to store the certificate request> diff --git a/base/server/man/man8/pki-server-subsystem.8 b/base/server/man/man8/pki-server-subsystem.8 index 04d57f5ac..719982c51 100644 --- a/base/server/man/man8/pki-server-subsystem.8 +++ b/base/server/man/man8/pki-server-subsystem.8 @@ -24,6 +24,10 @@ pki-server subsystem \- Command-Line Interface for managing Certificate System s \fBpki-server [CLI options] subsystem-show\fR -i <instance ID> <subsystem ID> \fBpki-server [CLI options] subsystem-enable\fR -i <instance ID> <subsystem ID> \fBpki-server [CLI options] subsystem-disable\fR -i <instance ID> <subsystem ID> +\fBpki-server [CLI options] subsystem-cert-find\fR -i <instance ID> <subsystem ID> +\fBpki-server [CLI options] subsystem-cert-show\fR -i <instance ID> <subsystem ID> <cert ID> +\fBpki-server [CLI options] subsystem-cert-export\fR -i <instance ID> <subsystem ID> <cert ID> +\fBpki-server [CLI options] subsystem-cert-update\fR -i <instance ID> <subsystem ID> <cert ID> .fi .SH DESCRIPTION @@ -53,7 +57,7 @@ This command is to list subsystems within a specific instance. .PP \fBpki-server [CLI options] subsystem-show\fR -i <instance ID> <subsystem ID> .RS 4 -This command is to view a details about a particular subsystem. +This command is to view the details about a particular subsystem. .RE .PP \fBpki-server [CLI options] subsystem-enable\fR -i <instance ID> <subsystem ID> @@ -78,6 +82,26 @@ through the web interfaces. This is useful when specific subsystems need to be made inaccessible for maintenance as Apache Tomcat allows web applications to be deployed/undeployed while the instance is still running (hot deployment). .RE +.PP +\fBpki-server [CLI options] subsystem-cert-find\fR -i <instance ID> <subsystem ID> +.RS 4 +This command is to list system certificates in a particular subsystem. +.RE +.PP +\fBpki-server [CLI options] subsystem-cert-show\fR -i <instance ID> <subsystem ID> <cert ID> +.RS 4 +This command is to view the details about a system certificate in a particular subsystem. +.RE +.PP +\fBpki-server [CLI options] subsystem-cert-export\fR -i <instance ID> <subsystem ID> <cert ID> +.RS 4 +This command is to export a system certificate in a particular subsystem. +.RE +.PP +\fBpki-server [CLI options] subsystem-cert-update\fR -i <instance ID> <subsystem ID> <cert ID> +.RS 4 +This command is to update a system certificate in a particular subsystem. +.RE .SH OPTIONS The CLI options are described in \fBpki-server\fR(8). |