From 3294f5087997427d060bce85d033652f7a8431da Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Tue, 17 Nov 2015 05:08:51 +0100 Subject: Updated pki-cert and pki-server-subsystem man pages. The pki-cert and pki-server-subsystem man pages have been updated to include recent changes. https://fedorahosted.org/pki/ticket/456 --- base/java-tools/man/man1/pki-cert.1 | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) (limited to 'base/java-tools') diff --git a/base/java-tools/man/man1/pki-cert.1 b/base/java-tools/man/man1/pki-cert.1 index ffa1fea5d..7ece1ad7b 100644 --- a/base/java-tools/man/man1/pki-cert.1 +++ b/base/java-tools/man/man1/pki-cert.1 @@ -191,23 +191,32 @@ To release a certificate that has been placed on hold: .B pki ca-cert-release-hold .SS Certificate Requests -To request a certificate, first generate a certificate request in PKCS #10 or CRMF, and store this request in the XML template file, of the profile type the request relates to. -The list of profiles can be viewed using the CLI command: +To request a certificate, first generate a certificate signing request (CSR), +then submit it with a certificate profile. The list of available profiles can +be viewed using the following command: .B pki ca-cert-request-profile-find -The XML template file for a profile type can be created by calling the ca-cert-request-profile-show CLI command. For example: +To generate a CSR, use the certutil, PKCS10Client, or +CRMFPopClient, and store it into a file. -\fBpki ca-cert-request-profile-show \-\-output \fP +Basic requests can be submitted using the following command: -will store the XML template of the request in the specified output file. +.B pki ca-cert-request-submit --profile --request-type --csr-file --subject -Then, fill in the values in the XML file and submit the request for review. This can be done without authentication. +To submit more advanced requests, download a template of the request file for +a particular profile using the following command: + +.B pki ca-cert-request-profile-show \-\-output + +Then, edit the request file, fill in the input attributes required by the +profile, and submit the request using the following command: .B pki ca-cert-request-submit -Then, an agent needs to review the request by running the following command: +Depending on the profile, an agent may need to review the request by running +the following command: .B pki ca-cert-request-review --file -- cgit