From ab4a3e0f464cbdfbe032011f55b862fe4fe2b8fd Mon Sep 17 00:00:00 2001 From: Abhishek Koneru Date: Tue, 30 Sep 2014 14:48:00 -0400 Subject: Add a man page for profile CLI commands. --- base/java-tools/man/man1/pki-ca-profile.1 | 148 ++++++++++++++++++++++++++++++ base/java-tools/man/man1/pki.1 | 6 ++ 2 files changed, 154 insertions(+) create mode 100644 base/java-tools/man/man1/pki-ca-profile.1 (limited to 'base/java-tools/man') diff --git a/base/java-tools/man/man1/pki-ca-profile.1 b/base/java-tools/man/man1/pki-ca-profile.1 new file mode 100644 index 000000000..851e7d7e3 --- /dev/null +++ b/base/java-tools/man/man1/pki-ca-profile.1 @@ -0,0 +1,148 @@ +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH pki-profile 1 "Sep 30, 2014" "version 10.2" "PKI Profile Management Commands" Dogtag Team +.\" Please adjust this date whenever revising the man page. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for man page specific macros, see man(7) +.SH NAME +pki-profile \- Command-Line Interface for managing Certificate System profiles. + +.SH SYNOPSIS +.nf +\fBpki\fR [CLI options] \fBca-profile\fR +\fBpki\fR [CLI options] \fBca-profile-find\fR [command options] +\fBpki\fR [CLI options] \fBca-profile-show \fR [command options] +\fBpki\fR [CLI options] \fBca-profile-add \fR [command options] +\fBpki\fR [CLI options] \fBca-profile-mod \fR [command options] +\fBpki\fR [CLI options] \fBca-profile-del \fR [command options] +\fBpki\fR [CLI options] \fBca-profile-enable \fR [command options] +\fBpki\fR [CLI options] \fBca-profile-disable \fR [command options] +.fi + +.SH DESCRIPTION +.PP +The \fBpki ca-profile\fR commands provide command-line interfaces to manage profiles on the CA. + +.PP +\fBpki\fR [CLI options] \fBca-profile-find\fR [command options] +.RS 4 +This command is to list the profiles. +.RE +.PP +\fBpki\fR [CLI options] \fBca-profile-show \fR [command options] +.RS 4 +This command is to view the details of a profile. +.RE +.PP +\fBpki\fR [CLI options] \fBca-profile-add\fR [command options] +.RS 4 +This command is to create a new profile. +.RE +.PP +\fBpki\fR [CLI options] \fBca-profile-mod \fR [command options] +.RS 4 +This command is to modify an existing profile. +.RE +.PP +\fBpki\fR [CLI options] \fBca-profile-del\fR [command options] +.RS 4 +This command is to delete a profile. +.RE +.PP +\fBpki\fR [CLI options] \fBca-profile-enable\fR [command options] +.RS 4 +This command is to enable a profile. +.RE +.PP +\fBpki\fR [CLI options] \fBca-profile-disable\fR [command options] +.RS 4 +This command is to disable a profile. +.RE +.SH OPTIONS +The CLI options are described in \fBpki\fR(1). + +.SH OPERATIONS + +To view available profile commands, type \fBpki ca-profile\fP. To view each command's usage, type \fB pki ca-profile- \-\-help\fP. + +All the ca-profile commands require agent authentication. + +.SS Viewing the profiles + +.B pki ca-profile-find + +The \fBstart\fR and \fBsize\fR options can be used to specify the beginning and the size of the list. + +To view the contents of a profile: + +A set of profile inputs, profile outputs, authenticators, policies and constraints are defined in a profile. +These contents can be viewed using the following command: + +.B pki ca-profile-show + +To store the output of the above operation, the output option must be specified. + +.B pki ca-profile-show --output + +This output file can be used for modifying the profile. +It can be used as a template for certificate enrollment as well but, a more suitable template can be fetched using the \fBpki cert-request-profile-show\fR command. +The \fBpki cert-request-profile-show\fR command does not require an agent/administrator level authentication and contains only the profile inputs section (which is required for certificate enrollment). + +.SS Add/Modify/Delete a profile + +.B pki ca-profile-add + +The contents of the input file must be in an XML format returned by the profile-show command. +This data will be marshaled by the CLI client to create a new profile in the CA. +The profile must be disabled before it is modified. It must be enabled after modification to be used for +certificate enrollment. + +To modify an existing profile: + +.B pki ca-profile-mod + +The profile data can be retrieved using the profile-show command and after editing the file, +it can be provided to the profile-mod command to modify an existing profile. + +To delete a profile in the CA: + +.B pki ca-profile-del + +.SS Enabling/Disabling a profile in the CA + +To enable a profile in the CA: + +.B pki ca-profile-enable + +A profile must be enabled before it can be used. + +To disable a profile in the CA: + +.B pki ca-profile-disable + +A profile must be disabled before it can be modified. + +.B Note: +Modifying or deleting a profile requires user(s) that have two roles (admin and agent). The same user may be in both roles. An agent +is needed to first disable the profile. Once the profile is disabled, it can be modified/deleted by an admin user. Then, an agent is needed to +enable the profile for use by the CA. + +.SH AUTHORS +Abhishek Koneru . + +.SH COPYRIGHT +Copyright (c) 2014 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. + +.SH SEE ALSO +.BR pkispawn(8), +.BR pki(1) diff --git a/base/java-tools/man/man1/pki.1 b/base/java-tools/man/man1/pki.1 index 8e6af9fab..ac85f1314 100644 --- a/base/java-tools/man/man1/pki.1 +++ b/base/java-tools/man/man1/pki.1 @@ -260,6 +260,12 @@ Security domain management commands User management commands .RE +.PP +\fBpki-ca-profile\fR(1) +.RS 4 +Profile management commands +.RE + .SH AUTHORS Ade Lee , Endi Dewata , and Matthew Harmsen . -- cgit