From 68897c7b94eed480738bd867c471585b6f52f1db Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Tue, 5 Nov 2013 09:49:42 -0500 Subject: Renamed CLI commands. The following commands have been renamed. The old commands will no longer work. * profile -> ca-profile * kraconnector -> ca-kraconnector The following commands have also been renamed, but the old commands will continue to work: * cert -> ca-cert * key -> kra-key The user and group commands have already been renamed to - user and -group. The old commands will continue to work and will use CA subsystem by default. Ticket #701 --- base/java-tools/man/man1/pki.1 | 67 ++++++++++++++++++++---------------------- 1 file changed, 32 insertions(+), 35 deletions(-) (limited to 'base/java-tools/man') diff --git a/base/java-tools/man/man1/pki.1 b/base/java-tools/man/man1/pki.1 index 1f692e83d..966e2ee6f 100644 --- a/base/java-tools/man/man1/pki.1 +++ b/base/java-tools/man/man1/pki.1 @@ -1,7 +1,7 @@ .\" First parameter, NAME, should be all caps .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection .\" other parameters are allowed: see man(7), man(1) -.TH pki 1 "December 13, 2012" "version 1.0" "PKI Command-Line Interface (CLI) Tools" Ade Lee +.TH pki 1 "November 5, 2013" "version 10.1" "PKI Command-Line Interface (CLI) Tools" Ade Lee .\" Please adjust this date whenever revising the man page. .\" .\" Some roff macros, for reference: @@ -47,11 +47,8 @@ Specifies the protocol (default: http). .B -p Specifies the port (default: 8080). .TP -.B -t -Specifies the type of subsystem (default: ca). -.TP -.B -U -Specifies the server URI. +.B -U +Specifies the server URL. .TP .B -u Specifies the username. @@ -69,15 +66,15 @@ Specifies the user password. To view available commands and options, simply type \fBpki\fP. Some commands have sub-commands. To view the sub-commands, type \fBpki \fP. To view each command's usage, type \fB pki --help\fP. .SS Connection -By default, \fBpki\fP connects to the non-secure (HTTP) port of a CA server running on localhost on port 8080. To specify a different server location, use the appropriate arguements to give a different host (\fB-h\fP), port (\fB-p\fP), connection protocol (\fB-P\fP), or subsystem type (\fB-t\fP). +By default, the \fBpki\fP client connects to a server running on the localhost via the non-secure HTTP port 8080. To specify a different server location, use the appropriate arguments to give a different host (\fB-h\fP), port (\fB-p\fP), or connection protocol (\fB-P\fP). -.B pki -P -h -p -t +.B pki -P -h -p Alternatively, the connection parameters can be specified as a URL: -.B pki -U +.B pki -U -where the URL is of the format \fIhttps://:/\fP. +where the URL is of the format \fI://:\fP. .SS Authentication Some commands require authentication. These are commands that are restricted to particular sets of users (such as agents or admins) or those operations involving certificate profiles that require authentication. @@ -97,31 +94,31 @@ To authenticate with a client certificate: .SS Viewing Certificates Certificates can be viewed anonymously. -To list all certificates: +To list all certificates in the CA: -.B pki cert-find +.B pki ca-cert-find -It is also possible to search for and list specific certificates by adding a search filter. Use \fBpki cert-find --help\fP to see options. For example, to search based on issuance date: +It is also possible to search for and list specific certificates by adding a search filter. Use \fBpki ca-cert-find --help\fP to see options. For example, to search based on issuance date: -.B pki cert-find --issuedOnFrom 2012-06-15 +.B pki ca-cert-find --issuedOnFrom 2012-06-15 To view a particular certificate: -.B pki cert-show +.B pki ca-cert-show .SS Revoking Certificates Revoking, holding, or releasing a certificate must be executed as an agent user. To revoke a certificate: -.B pki cert-revoke +.B pki ca-cert-revoke To place a certificate on hold temporarily: -.B pki cert-hold +.B pki ca-cert-hold To release a certificate that has been placed on hold: -.B pki cert-release-hold +.B pki ca-cert-release-hold .SS Certificate Requests To request a certificate, first generate a certificate request in PKCS #10 or CRMF, and store this request in the XML template file, of the profile type the request relates to. @@ -138,11 +135,11 @@ will store the XML template of the request in the specified output file. Then, fill in the values in the XML file and submit the request for review. This can be done without authentication. -.B pki cert-request-submit +.B pki ca-cert-request-submit Then, an agent needs to review the request by running the following command: -.B pki cert-request-review --file +.B pki ca-cert-request-review --file The certificate request, as well as the defaults and constraints of the enrollment profile, will be stored in the output file provided by the --file option. The agent can examine the file and override any values if necessary. To process the request, enter the appropriate action when prompted: @@ -150,34 +147,34 @@ The certificate request, as well as the defaults and constraints of the enrollme Alternatively, the agent can process the request in a single step with the following command: -.B pki cert-request-review --action +.B pki ca-cert-request-review --action .SS Group Management Commands -All group commands must be executed as an administrator. Some representative commands are shown below. Type \fBpki group\fP to get a list of additional commands. +All group commands must be executed as the subsystem administrator. Type \fBpki -group\fP to view all group management commands for the subsystem. -To list groups, use \fBpki group-find\fP. It is possible to select the page size to limit the number of entries returned. To list all groups: +To list groups in CA, use \fBpki ca-group-find\fP. It is possible to select the page size to limit the number of entries returned. To list all groups: -.B pki group-find +.B pki ca-group-find To view a particular group: -.B pki group-show +.B pki ca-group-show To add a group: -.B pki group-add --description "description" +.B pki ca-group-add --description "description" To delete a group: -.B pki group-del +.B pki ca-group-del To add a user to a group: -.B pki group-member-add +.B pki ca-group-member-add To delete a user from a group: -.B pki group-member-del +.B pki ca-group-member-del .\".SS Key Management Commands .\"\fBpki\fP can be used with a KRA to find specific keys and key requests. This will be documented in more detail at a later time. @@ -194,23 +191,23 @@ To show the contents of the security domain: \fBpki securitydomain-show\fP .SS User Management Commands -All user commands must be executed as an administrator. Some representative commands are shown below. Type \fBpki user\fP to get a list of additional commands. +All user commands must be executed as the subsystem administrator. Type \fBpki -user\fP to view all user management commands for the subsystem. -To list users, use \fBpki user-find\fP. It is possible to select the page size to limit the size of the results. To list all users: +To list users in CA, use \fBpki ca-user-find\fP. It is possible to select the page size to limit the size of the results. To list all users: -.B pki user-find +.B pki ca-user-find To view a particular user: -.B pki user-show +.B pki ca-user-show To add a user: -.B pki user-add --fullName "" +.B pki ca-user-add --fullName "" To delete a user: -.B pki user-del +.B pki ca-user-del .SH FILES .I /usr/bin/pki -- cgit