path: root/base/java-tools/man/man1/pki.1

.\" First parameter, NAME, should be all caps
.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
.\" other parameters are allowed: see man(7), man(1)
.TH pki 1 "May 5, 2014" "version 10.2" "PKI Command-Line Interface (CLI)" Dogtag Team
.\" Please adjust this date whenever revising the man page.
.\"
.\" Some roff macros, for reference:
.\" .nh        disable hyphenation
.\" .hy        enable hyphenation
.\" .ad l      left justify
.\" .ad b      justify to both left and right margins
.\" .nf        disable filling
.\" .fi        enable filling
.\" .br        insert line break
.\" .sp <n>    insert n+1 empty lines
.\" for man page specific macros, see man(7)
.SH NAME
pki \- Command-Line Interface for accessing Certificate System services.

.SH SYNOPSIS
\fBpki\fR [CLI options] <command> [command arguments]

.SH DESCRIPTION
.PP
The \fBpki\fR command provides a command-line interface allowing clients to access various services on the Certificate System server.
These services include certificates, groups, keys, security domains, and users.
  
.SH CLI OPTIONS
.TP
.B -c <security database password>
Specifies the security database password.
.TP
.B -d <security database location>
Specifies the security database location (default: ~/.dogtag/nssdb).
.TP
.B -h <hostname>
Specifies the hostname (default: hostname of the local machine).
.TP
.B --help
Prints additional help information.
.TP
.B -n <nickname>
Specifies the certificate nickname.
.TP
.B -P <protocol>
Specifies the protocol (default: http).
.TP
.B -p <port>
Specifies the port (default: 8080).
.TP
.B -U <URL>
Specifies the server URL.
.TP
.B -u <username>
Specifies the username.
.TP
.B -v
Displays verbose information.
.TP
.B --version
Displays CLI version information.
.TP
.B -w <password>
Specifies the user password.

.SH OPERATIONS
To view available commands and options, simply type \fBpki\fP.  Some commands have sub-commands.
To view the sub-commands, type \fBpki <command>\fP.
To view each command's usage, type \fB pki <command> --help\fP.

A client security database is needed to execute commands that require SSL connection or client certificate
for authentication. See \fBpki-client\fR(1) for more information.

.SS Connection
By default, the CLI connects to a server running on the local machine via the non-secure HTTP port 8080.  To specify a different server location, use the appropriate arguments to give a different host (\fB-h\fP), port (\fB-p\fP), or connection protocol (\fB-P\fP).

.B pki -P <protocol> -h <hostname> -p <port> <command>

Alternatively, the connection parameters can be specified as a URL:

.B pki -U <URL> <command>

where the URL is of the format \fI<protocol>://<hostname>:<port>\fP.

.SS Authentication
Some commands require authentication.  These are commands that are restricted to particular sets of users (such as agents or admins) or those operations involving certificate profiles that require authentication.

To execute a command without authentication:

.B pki <command>

To authenticate with a username and password:

.B pki -u <username> -w <password> <command>

To authenticate with a client certificate:

.B pki -d <security database location> -c <security database password> -n <certificate nickname> <command>
    
.SH FILES
.I /usr/bin/pki

.SH SEE ALSO
.PP
\fBpki-cert\fR(1)
.RS 4
Certificate management commands
.RE

.PP
\fBpki-client\fR(1)
.RS 4
Client security database management commands
.RE

.PP
\fBpki-group\fR(1)
.RS 4
Group management commands
.RE

.PP
\fBpki-key\fR(1)
.RS 4
Key management commands
.RE

.PP
\fBpki-securitydomain\fR(1)
.RS 4
Security domain management commands
.RE

.PP
\fBpki-user\fR(1)
.RS 4
User management commands
.RE

.SH AUTHORS
Ade Lee <alee@redhat.com>, Endi Dewata <edewata@redhat.com>, and Matthew Harmsen <mharmsen@redhat.com>.

.SH COPYRIGHT
Copyright (c) 2012 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.