summaryrefslogtreecommitdiffstats
path: root/base/java-tools
diff options
context:
space:
mode:
Diffstat (limited to 'base/java-tools')
-rw-r--r--base/java-tools/man/man1/pki-cert.1159
-rw-r--r--base/java-tools/man/man1/pki-client.183
-rw-r--r--base/java-tools/man/man1/pki-group.1115
-rw-r--r--base/java-tools/man/man1/pki-key.160
-rw-r--r--base/java-tools/man/man1/pki-securitydomain.164
-rw-r--r--base/java-tools/man/man1/pki-user.194
-rw-r--r--base/java-tools/man/man1/pki.1186
7 files changed, 621 insertions, 140 deletions
diff --git a/base/java-tools/man/man1/pki-cert.1 b/base/java-tools/man/man1/pki-cert.1
new file mode 100644
index 000000000..bde8bd2b2
--- /dev/null
+++ b/base/java-tools/man/man1/pki-cert.1
@@ -0,0 +1,159 @@
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH pki-cert 1 "May 5, 2014" "version 10.2" "PKI Certificate Management Commands" Dogtag Team
+.\" Please adjust this date whenever revising the man page.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh disable hyphenation
+.\" .hy enable hyphenation
+.\" .ad l left justify
+.\" .ad b justify to both left and right margins
+.\" .nf disable filling
+.\" .fi enable filling
+.\" .br insert line break
+.\" .sp <n> insert n+1 empty lines
+.\" for man page specific macros, see man(7)
+.SH NAME
+pki-cert \- Command-Line Interface for managing certificates on the Certificate System server.
+
+.SH SYNOPSIS
+.nf
+\fBpki\fR [CLI options] \fB<subsystem>-cert\fR
+\fBpki\fR [CLI options] \fB<subsystem>-cert-find\fR [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-cert-show\fR <certificate ID> [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-cert-revoke\fR <certificate ID> [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-cert-hold\fR <certificate ID> [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-cert-release-hold\fR <certificate ID> [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-cert-request-profile-find\fR [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-cert-request-profile-show\fR <profile ID> [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-cert-request-submit\fR [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-cert-request-review\fR <request ID> [command options]
+.fi
+
+.SH DESCRIPTION
+.PP
+The \fBpki-cert\fR commands provide command-line interfaces to manage certificates on the specified subsystem.
+.PP
+Valid subsystems are \fBca\fR and \fBtps\fR. If the <subsystem>- prefix is omitted, it will default to \fBca\fR.
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-cert\fR
+.RS 4
+This command is to list available certificate commands for the subsystem.
+Different subsystems may have different certificate commands.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-cert-find\fR [command options]
+.RS 4
+This command is to list certificates in the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-cert-show\fR <certificate ID> [command options]
+.RS 4
+This command is to view a certificate details in the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-cert-revoke\fR <certificate ID>
+.RS 4
+This command is to revoke a certificate.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-cert-hold\fR <certificate ID>
+.RS 4
+This command is to place a certificate on hold temporarily.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-cert-release-hold\fR <certificate ID>
+.RS 4
+This command is to release a certificate that has been placed on hold.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-cert-request-profile-find\fR [command options]
+.RS 4
+This command is to list available certificate request templates.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-cert-request-profile-show\fR <profile ID> [command options]
+.RS 4
+This command is to view a certificate request template.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-cert-request-submit\fR [command options]
+.RS 4
+This command is to submit a certificate request.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-cert-request-review\fR <request ID> [command options]
+.RS 4
+This command is to review a certificate request.
+.RE
+
+.SH OPTIONS
+The CLI options are described in \fBpki\fR(1).
+
+.SH OPERATIONS
+To view available certificate commands, type \fBpki <subsystem>-cert\fP. To view each command's usage, type \fB pki <subsystem>-cert-<command> --help\fP.
+
+.SS Viewing Certificates
+Certificates can be viewed anonymously.
+
+To list all certificates in the CA:
+
+.B pki ca-cert-find
+
+It is also possible to search for and list specific certificates by adding a search filter. Use \fBpki ca-cert-find --help\fP to see options. For example, to search based on issuance date:
+
+.B pki ca-cert-find --issuedOnFrom 2012-06-15
+
+To view a particular certificate:
+
+.B pki ca-cert-show <certificate ID>
+
+.SS Revoking Certificates
+Revoking, holding, or releasing a certificate must be executed as an agent user.
+To revoke a certificate:
+
+.B pki <agent authentication> ca-cert-revoke <certificate ID>
+
+To place a certificate on hold temporarily:
+
+.B pki <agent authentication> ca-cert-hold <certificate ID>
+
+To release a certificate that has been placed on hold:
+
+.B pki <agent authentication> ca-cert-release-hold <certificate ID>
+
+.SS Certificate Requests
+To request a certificate, first generate a certificate request in PKCS #10 or CRMF, and store this request in the XML template file, of the profile type the request relates to.
+
+The list of profiles can be viewed using the CLI command:
+
+.B pki ca-cert-request-profile-find
+
+The XML template file for a profile type can be created by calling the ca-cert-request-profile-show CLI command. For example:
+
+\fBpki ca-cert-request-profile-show <profileID> --output <file to store the XML template>\fP
+
+will store the XML template of the request in the specified output file.
+
+Then, fill in the values in the XML file and submit the request for review. This can be done without authentication.
+
+.B pki ca-cert-request-submit <request file>
+
+Then, an agent needs to review the request by running the following command:
+
+.B pki <agent authentication> ca-cert-request-review <request ID> --file <file to store the certificate request>
+
+The certificate request, as well as the defaults and constraints of the enrollment profile, will be stored in the output file provided by the --file option. The agent can examine the file and override any values if necessary. To process the request, enter the appropriate action when prompted:
+
+.B Action (approve/reject/cancel/update/validate/assign/unassign):
+
+Alternatively, the agent can process the request in a single step with the following command:
+
+.B pki <agent authentication> ca-cert-request-review <request ID> --action <action>
+
+.SH AUTHORS
+Ade Lee <alee@redhat.com>, Endi Dewata <edewata@redhat.com>, and Matthew Harmsen <mharmsen@redhat.com>.
+
+.SH COPYRIGHT
+Copyright (c) 2014 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
diff --git a/base/java-tools/man/man1/pki-client.1 b/base/java-tools/man/man1/pki-client.1
new file mode 100644
index 000000000..b43be0ea5
--- /dev/null
+++ b/base/java-tools/man/man1/pki-client.1
@@ -0,0 +1,83 @@
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH pki-client 1 "May 5, 2014" "version 10.2" "PKI Client Security Database Management Commands" Dogtag Team
+.\" Please adjust this date whenever revising the man page.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh disable hyphenation
+.\" .hy enable hyphenation
+.\" .ad l left justify
+.\" .ad b justify to both left and right margins
+.\" .nf disable filling
+.\" .fi enable filling
+.\" .br insert line break
+.\" .sp <n> insert n+1 empty lines
+.\" for man page specific macros, see man(7)
+.SH NAME
+pki-client \- Command-Line Interface for managing the security database on Certificate System client.
+.SH SYNOPSIS
+.nf
+\fBpki\fR [CLI options] \fBclient\fR
+\fBpki\fR [CLI options] \fBclient-init\fR [command options]
+\fBpki\fR [CLI options] \fBclient-cert-find\fR [command options]
+\fBpki\fR [CLI options] \fBclient-cert-import\fR [command options]
+\fBpki\fR [CLI options] \fBclient-cert-del\fR [command options]
+.fi
+
+.SH DESCRIPTION
+.PP
+The \fBpki-client\fR commands provide command-line interfaces to manage the security database on the client's machine.
+.PP
+\fBpki\fR [CLI options] \fBclient\fR
+.RS 4
+This command is to list available client commands.
+.RE
+.PP
+\fBpki\fR [CLI options] \fBclient-init\fR [command options]
+.RS 4
+This command is to create a new security database for the client.
+.RE
+.PP
+\fBpki\fR [CLI options] \fBclient-cert-find\fR [command options]
+.RS 4
+This command is to list certificates in the client security database.
+.RE
+.PP
+\fBpki\fR [CLI options] \fBclient-cert-import\fR [command options]
+.RS 4
+This command is to view a certificate in the client security database.
+.RE
+.PP
+\fBpki\fR [CLI options] \fBclient-cert-del\fR [command options]
+.RS 4
+This command is to delete a certificate from the client security database.
+.RE
+
+.SH OPTIONS
+The CLI options are described in \fBpki\fR(1).
+
+.SH OPERATIONS
+To view available client commands, type \fBpki client\fP. To view each command's usage, type \fB pki client-<command> --help\fP.
+
+To create a new database execute the following command:
+
+.B pki -d <security database location> -c <security database password> client-init
+
+To view certificates in the security database:
+
+.B pki -d <security database location> -c <security database password> client-cert-find
+
+To import a certificate into the security database:
+
+.B pki -d <security database location> -c <security database password> -n <certificate nickname> client-cert-import --cert <certificate file>
+
+To delete a certificate from the security database:
+
+.B pki -d <security database location> -c <security database password> client-cert-del <certificate nickname>
+
+.SH AUTHORS
+Ade Lee <alee@redhat.com>, Endi Dewata <edewata@redhat.com>, and Matthew Harmsen <mharmsen@redhat.com>.
+
+.SH COPYRIGHT
+Copyright (c) 2014 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
diff --git a/base/java-tools/man/man1/pki-group.1 b/base/java-tools/man/man1/pki-group.1
new file mode 100644
index 000000000..d84033a18
--- /dev/null
+++ b/base/java-tools/man/man1/pki-group.1
@@ -0,0 +1,115 @@
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH pki-group 1 "May 5, 2014" "version 10.2" "PKI Group Management Commands" Dogtag Team
+.\" Please adjust this date whenever revising the man page.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh disable hyphenation
+.\" .hy enable hyphenation
+.\" .ad l left justify
+.\" .ad b justify to both left and right margins
+.\" .nf disable filling
+.\" .fi enable filling
+.\" .br insert line break
+.\" .sp <n> insert n+1 empty lines
+.\" for man page specific macros, see man(7)
+.SH NAME
+pki-group \- Command-Line Interface for managing Certificate System groups.
+
+.SH SYNOPSIS
+.nf
+\fBpki\fR [CLI options] \fB<subsystem>-group\fR
+\fBpki\fR [CLI options] \fB<subsystem>-group-find\fR [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-group-show\fR <group ID> [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-group-add\fR <group ID> [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-group-mod\fR <group ID> [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-group-del\fR <group ID> [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-group-member-add\fR <group ID> <member ID> [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-group-member-del\fR <group ID> <member ID> [command options]
+.fi
+
+.SH DESCRIPTION
+.PP
+The \fBpki-group\fR commands provide command-line interfaces to manage groups on the specified subsystem.
+.PP
+Valid subsystems are \fBca\fR, \fBkra\fR, \fBocsp\fR, \fBtks\fR, and \fBtps\fR.
+If the \fB<subsystem>-\fR prefix is omitted, it will default to \fBca\fR.
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-group\fR
+.RS 4
+This command is to list available group commands for the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-group-find\fR [command options]
+.RS 4
+This command is to list groups in the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-group-show\fR <group ID> [command options]
+.RS 4
+This command is to view a group details in the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-group-add\fR <group ID> [command options]
+.RS 4
+This command is to add a group into the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-group-mod\fR <group ID> [command options]
+.RS 4
+This command is to modify a group in the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-group-del\fR <group ID> [command options]
+.RS 4
+This command is to delete a group from the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-group-member-add\fR <group ID> <member ID> [command options]
+.RS 4
+This command is to add a member to a group.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-group-member-del\fR <group ID> <member ID> [command options]
+.RS 4
+This command is to delete a member from a group.
+.RE
+
+.SH OPTIONS
+The CLI options are described in \fBpki\fR(1).
+
+.SH OPERATIONS
+To view available group commands, type \fBpki <subsystem>-group\fP. To view each command's usage, type \fB pki <subsystem>-group-<command> --help\fP.
+
+All group commands must be executed as the subsystem administrator.
+
+To list groups in CA, use \fBpki ca-group-find\fP. It is possible to select the page size to limit the number of entries returned. To list all groups:
+
+.B pki <admin authentication> ca-group-find
+
+To view a particular group:
+
+.B pki <admin authentication> ca-group-show <group ID>
+
+To add a group:
+
+.B pki <admin authentication> ca-group-add <group ID> --description "description"
+
+To delete a group:
+
+.B pki <admin authentication> ca-group-del <group ID>
+
+To add a user to a group:
+
+.B pki <admin authentication> ca-group-member-add <group ID> <member ID>
+
+To delete a user from a group:
+
+.B pki <admin authentication> ca-group-member-del <group ID> <member ID>
+
+.SH AUTHORS
+Ade Lee <alee@redhat.com>, Endi Dewata <edewata@redhat.com>, and Matthew Harmsen <mharmsen@redhat.com>.
+
+.SH COPYRIGHT
+Copyright (c) 2014 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
diff --git a/base/java-tools/man/man1/pki-key.1 b/base/java-tools/man/man1/pki-key.1
new file mode 100644
index 000000000..d27d9369d
--- /dev/null
+++ b/base/java-tools/man/man1/pki-key.1
@@ -0,0 +1,60 @@
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH pki-key 1 "May 5, 2014" "version 10.2" "PKI Key Management Commands" Dogtag Team
+.\" Please adjust this date whenever revising the man page.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh disable hyphenation
+.\" .hy enable hyphenation
+.\" .ad l left justify
+.\" .ad b justify to both left and right margins
+.\" .nf disable filling
+.\" .fi enable filling
+.\" .br insert line break
+.\" .sp <n> insert n+1 empty lines
+.\" for man page specific macros, see man(7)
+.SH NAME
+pki-key \- Command-Line Interface for managing Certificate System keys.
+
+.SH SYNOPSIS
+.nf
+\fBpki\fR [CLI options] \fB<subsystem>-key\fR
+\fBpki\fR [CLI options] \fB<subsystem>-key-find\fR [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-key-request-find\fR [command options]
+.fi
+
+.SH DESCRIPTION
+.PP
+The \fBpki-key\fR commands provide command-line interfaces to manage keys on the KRA.
+.PP
+The only valid subsystem is \fBkra\fR. The \fB<subsystem>-\fR prefix may be omitted.
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-key\fR
+.RS 4
+This command is to list available key commands.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-key-find\fR [command options]
+.RS 4
+This command is to list keys.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-key-request-find\fR [command options]
+.RS 4
+This command is to list key requests.
+.RE
+
+.SH OPTIONS
+The CLI options are described in \fBpki\fR(1).
+
+.SH OPERATIONS
+To view available key commands, type \fBpki <subsystem>-key\fP. To view each command's usage, type \fB pki <subsystem>-key-<command> --help\fP.
+
+This will be documented in more detail at a later time.
+
+.SH AUTHORS
+Ade Lee <alee@redhat.com>, Endi Dewata <edewata@redhat.com>, and Matthew Harmsen <mharmsen@redhat.com>.
+
+.SH COPYRIGHT
+Copyright (c) 2014 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
diff --git a/base/java-tools/man/man1/pki-securitydomain.1 b/base/java-tools/man/man1/pki-securitydomain.1
new file mode 100644
index 000000000..d902d4703
--- /dev/null
+++ b/base/java-tools/man/man1/pki-securitydomain.1
@@ -0,0 +1,64 @@
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH pki-securitydomain 1 "May 5, 2014" "version 10.2" "PKI Security Domain Management Commands" Dogtag Team
+.\" Please adjust this date whenever revising the man page.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh disable hyphenation
+.\" .hy enable hyphenation
+.\" .ad l left justify
+.\" .ad b justify to both left and right margins
+.\" .nf disable filling
+.\" .fi enable filling
+.\" .br insert line break
+.\" .sp <n> insert n+1 empty lines
+.\" for man page specific macros, see man(7)
+.SH NAME
+pki-securitydomain \- Command-Line Interface for managing Certificate System security domain.
+
+.SH SYNOPSIS
+.nf
+\fBpki\fR [CLI options] \fBsecuritydomain\fR
+\fBpki\fR [CLI options] \fBsecuritydomain-get-install-token\fR [command options]
+\fBpki\fR [CLI options] \fBsecuritydomain-show\fR [command options]
+.fi
+
+.SH DESCRIPTION
+.PP
+The \fBpki-securitydomain\fR commands provide command-line interfaces to manage the security domain.
+.PP
+\fBpki\fR [CLI options] \fBsecuritydomain\fR
+.RS 4
+This command is to list available security domain commands.
+.RE
+.PP
+\fBpki\fR [CLI options] \fBsecuritydomain-get-install-token\fR [command options]
+.RS 4
+This command is to get an installation token.
+.RE
+.PP
+\fBpki\fR [CLI options] \fBsecuritydomain-show\fR [command options]
+.RS 4
+This command is to show the contents of the security domain.
+.RE
+
+.SH OPTIONS
+The CLI options are described in \fBpki\fR(1).
+
+.SH OPERATIONS
+To view available security domain commands, type \fBpki securitydomain\fP. To view each command's usage, type \fB pki securitydomain-<command> --help\fP.
+
+To get an installation token (used when installing a new subsystem within a security domain):
+
+\fBpki <security domain admin authentication> securitydomain-get-install-token --hostname <hostname> --subsystem <subsystem>\fP
+
+To show the contents of the security domain:
+
+\fBpki <security domain admin authentication> securitydomain-show\fP
+
+.SH AUTHORS
+Ade Lee <alee@redhat.com>, Endi Dewata <edewata@redhat.com>, and Matthew Harmsen <mharmsen@redhat.com>.
+
+.SH COPYRIGHT
+Copyright (c) 2014 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
diff --git a/base/java-tools/man/man1/pki-user.1 b/base/java-tools/man/man1/pki-user.1
new file mode 100644
index 000000000..a591047d3
--- /dev/null
+++ b/base/java-tools/man/man1/pki-user.1
@@ -0,0 +1,94 @@
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH pki-user 1 "May 5, 2014" "version 10.2" "PKI User Management Commands" Dogtag Team
+.\" Please adjust this date whenever revising the man page.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh disable hyphenation
+.\" .hy enable hyphenation
+.\" .ad l left justify
+.\" .ad b justify to both left and right margins
+.\" .nf disable filling
+.\" .fi enable filling
+.\" .br insert line break
+.\" .sp <n> insert n+1 empty lines
+.\" for man page specific macros, see man(7)
+.SH NAME
+pki-user \- Command-Line Interface for managing Certificate System users.
+
+.SH SYNOPSIS
+.nf
+\fBpki\fR [CLI options] \fB<subsystem>-user\fR
+\fBpki\fR [CLI options] \fB<subsystem>-user-find\fR [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-user-show\fR <user ID> [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-user-add\fR <user ID> [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-user-mod\fR <user ID> [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-user-del\fR <user ID> [command options]
+.fi
+
+.SH DESCRIPTION
+.PP
+The \fBpki-user\fR commands provide command-line interfaces to manage users on the specified subsystem.
+.PP
+Valid subsystems are \fBca\fR, \fBkra\fR, \fBocsp\fR, \fBtks\fR, and \fBtps\fR. If the \fB<subsystem>-\fR prefix is omitted, it will default to \fBca\fR.
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-user\fR
+.RS 4
+This command is to list available user commands for the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-user-find\fR [command options]
+.RS 4
+This command is to list users in the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-user-show\fR <user ID> [command options]
+.RS 4
+This command is to view a user details in the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-user-add\fR <user ID> [command options]
+.RS 4
+This command is to add a user into the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-user-mod\fR <user ID> [command options]
+.RS 4
+This command is to modify a user in the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-user-del\fR <user ID> [command options]
+.RS 4
+This command is to delete a user from the subsystem.
+.RE
+
+.SH OPTIONS
+The CLI options are described in \fBpki\fR(1).
+
+.SH OPERATIONS
+To view available user commands, type \fBpki <subsystem>-user\fP. To view each command's usage, type \fB pki <subsystem>-user-<command> --help\fP.
+
+All user commands must be executed as the subsystem administrator.
+
+To list users in CA, use \fBpki ca-user-find\fP. It is possible to select the page size to limit the size of the results. To list all users:
+
+.B pki <admin authentication> ca-user-find
+
+To view a particular user:
+
+.B pki <admin authentication> ca-user-show <user ID>
+
+To add a user:
+
+.B pki <admin authentication> ca-user-add <user ID> --fullName "<full name>"
+
+To delete a user:
+
+.B pki <admin authentication> ca-user-del <user ID>
+
+.SH AUTHORS
+Ade Lee <alee@redhat.com>, Endi Dewata <edewata@redhat.com>, and Matthew Harmsen <mharmsen@redhat.com>.
+
+.SH COPYRIGHT
+Copyright (c) 2014 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
diff --git a/base/java-tools/man/man1/pki.1 b/base/java-tools/man/man1/pki.1
index d7fe8b15a..7f57b0ef9 100644
--- a/base/java-tools/man/man1/pki.1
+++ b/base/java-tools/man/man1/pki.1
@@ -1,7 +1,7 @@
.\" First parameter, NAME, should be all caps
.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
.\" other parameters are allowed: see man(7), man(1)
-.TH pki 1 "November 18, 2013" "version 10.1" "PKI Command-Line Interface (CLI)" Ade Lee
+.TH pki 1 "May 5, 2014" "version 10.2" "PKI Command-Line Interface (CLI)" Dogtag Team
.\" Please adjust this date whenever revising the man page.
.\"
.\" Some roff macros, for reference:
@@ -18,14 +18,14 @@
pki \- Command-Line Interface for accessing Certificate System services.
.SH SYNOPSIS
-pki [CLI options] <command> [command arguments]
+\fBpki\fR [CLI options] <command> [command arguments]
.SH DESCRIPTION
.PP
-\fBpki\fR provides a command-line interface allowing clients to access various services on the Certificate System server.
+The \fBpki\fR command provides a command-line interface allowing clients to access various services on the Certificate System server.
These services include certificates, groups, keys, security domains, and users.
-.SH OPTIONS
+.SH CLI OPTIONS
.TP
.B -c <security database password>
Specifies the security database password.
@@ -34,7 +34,7 @@ Specifies the security database password.
Specifies the security database location (default: ~/.dogtag/nssdb).
.TP
.B -h <hostname>
-Specifies the hostname (default: localhost).
+Specifies the hostname (default: hostname of the local machine).
.TP
.B --help
Prints additional help information.
@@ -58,34 +58,21 @@ Specifies the username.
Displays verbose information.
.TP
.B --version
-Displays 'pki' CLI version information.
+Displays CLI version information.
.TP
.B -w <password>
Specifies the user password.
.SH OPERATIONS
-To view available commands and options, simply type \fBpki\fP. Some commands have sub-commands. To view the sub-commands, type \fBpki <command>\fP. To view each command's usage, type \fB pki <command> --help\fP.
+To view available commands and options, simply type \fBpki\fP. Some commands have sub-commands.
+To view the sub-commands, type \fBpki <command>\fP.
+To view each command's usage, type \fB pki <command> --help\fP.
-.SS Security Database
-
-The CLI uses a security database to store keys and certificates on the client side. To create a new database execute the following command:
-
-.B pki -d <security database location> -c <security database password> client-init
-
-To view certificates in the security database:
-
-.B pki -d <security database location> -c <security database password> client-cert-find
-
-To import a certificate into the security database:
-
-.B pki -d <security database location> -c <security database password> -n <certificate nickname> client-cert-import --cert <certificate file>
-
-To delete a certificate from the security database:
-
-.B pki -d <security database location> -c <security database password> client-cert-del <certificate nickname>
+A client security database is needed to execute commands that require SSL connection or client certificate
+for authentication. See \fBpki-client\fR(1) for more information.
.SS Connection
-By default, the CLI connects to a server running on the localhost via the non-secure HTTP port 8080. To specify a different server location, use the appropriate arguments to give a different host (\fB-h\fP), port (\fB-p\fP), or connection protocol (\fB-P\fP).
+By default, the CLI connects to a server running on the local machine via the non-secure HTTP port 8080. To specify a different server location, use the appropriate arguments to give a different host (\fB-h\fP), port (\fB-p\fP), or connection protocol (\fB-P\fP).
.B pki -P <protocol> -h <hostname> -p <port> <command>
@@ -110,129 +97,48 @@ To authenticate with a client certificate:
.B pki -d <security database location> -c <security database password> -n <certificate nickname> <command>
-.SS Viewing Certificates
-Certificates can be viewed anonymously.
-
-To list all certificates in the CA:
-
-.B pki ca-cert-find
-
-It is also possible to search for and list specific certificates by adding a search filter. Use \fBpki ca-cert-find --help\fP to see options. For example, to search based on issuance date:
-
-.B pki ca-cert-find --issuedOnFrom 2012-06-15
-
-To view a particular certificate:
-
-.B pki ca-cert-show <certificate ID>
-
-.SS Revoking Certificates
-Revoking, holding, or releasing a certificate must be executed as an agent user.
-To revoke a certificate:
-
-.B pki <agent authentication> ca-cert-revoke <certificate ID>
-
-To place a certificate on hold temporarily:
-
-.B pki <agent authentication> ca-cert-hold <certificate ID>
-
-To release a certificate that has been placed on hold:
-
-.B pki <agent authentication> ca-cert-release-hold <certificate ID>
-
-.SS Certificate Requests
-To request a certificate, first generate a certificate request in PKCS #10 or CRMF, and store this request in the XML template file, of the profile type the request relates to.
-
-The list of profiles can be viewed using the CLI command:
-
-.B pki ca-cert-request-profile-find
-
-The XML template file for a profile type can be created by calling the ca-cert-request-profile-show CLI command. For example:
-
-\fBpki ca-cert-request-profile-show <profileID> --output <file to store the XML template>\fP
-
-will store the XML template of the request in the specified output file.
-
-Then, fill in the values in the XML file and submit the request for review. This can be done without authentication.
-
-.B pki ca-cert-request-submit <request file>
-
-Then, an agent needs to review the request by running the following command:
-
-.B pki <agent authentication> ca-cert-request-review <request ID> --file <file to store the certificate request>
-
-The certificate request, as well as the defaults and constraints of the enrollment profile, will be stored in the output file provided by the --file option. The agent can examine the file and override any values if necessary. To process the request, enter the appropriate action when prompted:
-
-.B Action (approve/reject/cancel/update/validate/assign/unassign):
-
-Alternatively, the agent can process the request in a single step with the following command:
-
-.B pki <agent authentication> ca-cert-request-review <request ID> --action <action>
-
-.SS Group Management Commands
-All group commands must be executed as the subsystem administrator. Type \fBpki <subsystem>-group\fP to view all group management commands for the subsystem.
-
-To list groups in CA, use \fBpki ca-group-find\fP. It is possible to select the page size to limit the number of entries returned. To list all groups:
-
-.B pki <admin authentication> ca-group-find
-
-To view a particular group:
-
-.B pki <admin authentication> ca-group-show <group ID>
-
-To add a group:
-
-.B pki <admin authentication> ca-group-add <group ID> --description "description"
-
-To delete a group:
-
-.B pki <admin authentication> ca-group-del <group ID>
-
-To add a user to a group:
-
-.B pki <admin authentication> ca-group-member-add <group ID> <Member ID>
-
-To delete a user from a group:
-
-.B pki <admin authentication> ca-group-member-del <group ID> <Member ID>
-
-.\".SS Key Management Commands
-.\"\fBpki\fP can be used with a KRA to find specific keys and key requests. This will be documented in more detail at a later time.
-
-.SS Security Domain Commands
-\fBpki\fP can be used to access certain information from the security domain.
-
-To get an installation token (used when installing a new subsystem within a security domain):
-
-\fBpki <security domain admin authentication> securitydomain-get-install-token --hostname <hostname> --subsystem <subsystem>\fP
-
-To show the contents of the security domain:
-
-\fBpki <security domain admin authentication> securitydomain-show\fP
-
-.SS User Management Commands
-All user commands must be executed as the subsystem administrator. Type \fBpki <subsystem>-user\fP to view all user management commands for the subsystem.
-
-To list users in CA, use \fBpki ca-user-find\fP. It is possible to select the page size to limit the size of the results. To list all users:
-
-.B pki <admin authentication> ca-user-find
-
-To view a particular user:
+.SH FILES
+.I /usr/bin/pki
-.B pki <admin authentication> ca-user-show <user ID>
+.SH SEE ALSO
+.PP
+\fBpki-cert\fR(1)
+.RS 4
+Certificate management commands
+.RE
-To add a user:
+.PP
+\fBpki-client\fR(1)
+.RS 4
+Client security database management commands
+.RE
-.B pki <admin authentication> ca-user-add <user ID> --fullName "<full name>"
+.PP
+\fBpki-group\fR(1)
+.RS 4
+Group management commands
+.RE
-To delete a user:
+.PP
+\fBpki-key\fR(1)
+.RS 4
+Key management commands
+.RE
-.B pki <admin authentication> ca-user-del <user ID>
+.PP
+\fBpki-securitydomain\fR(1)
+.RS 4
+Security domain management commands
+.RE
-.SH FILES
-.I /usr/bin/pki
+.PP
+\fBpki-user\fR(1)
+.RS 4
+User management commands
+.RE
.SH AUTHORS
-Ade Lee <alee@redhat.com>, Endi Dewata <edewata@redhat.com>, and Matthew Harmsen <mharmsen@redhat.com>. \fBpki\fP was written by the Dogtag project.
+Ade Lee <alee@redhat.com>, Endi Dewata <edewata@redhat.com>, and Matthew Harmsen <mharmsen@redhat.com>.
.SH COPYRIGHT
Copyright (c) 2012 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
generated by cgit (git 2.34.1) at 2026-01-10 14:07:06 +0000