1 files changed, 41 insertions, 0 deletions

diff --git a/docs/certmaster-ca.pod b/docs/certmaster-ca.pod
new file mode 100644
index 0000000..fce3f73
--- /dev/null
+++ b/docs/certmaster-ca.pod
@@ -0,0 +1,41 @@
+=head1 NAME
+
+certmaster-ca -- signs certificate requests gathered by certmaster.
+
+=head1 SYNOPSIS
+
+certmaster-ca --list 
+
+certmaster-ca --sign machine.example.org
+
+=head1 DESCRIPTION
+
+"certmaster-ca --list"
+
+The list command prints all certificates that have been requested from certmaster by a remote
+service (such as funcd) but are not yet signed.
+
+func commands can't be sent to a remote machine until the certificates have been signed.
+
+"certmaster-ca --sign [hostname]"
+
+This command is used to sign a certificate and send it back to the requester.
+
+=head1 AUTO-SIGNING
+
+The certmaster can be configured to make this command unneccessary; all incoming
+requests can be signed automatically by certmaster.
+
+To configure this, edit /etc/func/certmaster.conf.
+
+=head1 ADDITONAL RESOURCES
+
+See https://hosted.fedoraproject.org/projects/func/.  It's a Wiki.
+
+See also the manpages for "func", "func-inventory", "funcd", and "certmaster".
+
+=head1 AUTHOR
+
+Various. See https://hosted.fedoraproject.org/projects/func
+
+