From 6980b073035cdd43b30b58aba3ce7f84f16a14ad Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Fri, 11 Jul 2008 11:34:29 -0400 Subject: Rework the way SSL certificates are imported from PKCS#12 files. Add the ability to provide PKCS#12 files during initial installation Add the ability to provide PKCS#12 files when preparing a replica Correct some issues with ipa-server-certinstall 452402 --- ipa-server/man/ipa-replica-prepare.1 | 13 +++++++++++++ ipa-server/man/ipa-server-certinstall.1 | 9 ++++++++- ipa-server/man/ipa-server-install.1 | 15 +++++++++++++-- 3 files changed, 34 insertions(+), 3 deletions(-) (limited to 'ipa-server/man') diff --git a/ipa-server/man/ipa-replica-prepare.1 b/ipa-server/man/ipa-replica-prepare.1 index b04bb665..8eb49444 100644 --- a/ipa-server/man/ipa-replica-prepare.1 +++ b/ipa-server/man/ipa-replica-prepare.1 @@ -29,6 +29,19 @@ A replica can only be created on an IPA server installed with ipa\-server\-insta You must provide the fully\-qualified hostname of the machine you want to install the replica on and a host\-specific replica_file will be created. It is host\-specific because SSL server certificates are generated as part of the process and they are specific to a particular hostname. Once the file has been created it will be named replica\-hostname. This file can then be moved across the network to the target machine and a new IPA replica setup by running ipa\-replica\-install replica\-hostname. +.SH "OPTIONS" +.TP +\fB\-\-dirsrv_pkcs12\fR=\fIFILE\fR +PKCS#12 file containing the Directory Server SSL Certificate +.TP +\fB\-\-http_pkcs12\fR=\fIFILE\fR +PKCS#12 file containing the Apache Server SSL Certificate +.TP +\fB\-\-dirsrv_pin\fR=\fIDIRSRV_PIN\fR +The password of the Directory Server PKCS#12 file +.TP +\fB\-\-http_pin\fR=\fIHTTP_PIN\fR +The password of the Apache Server PKCS#12 file .SH "EXIT STATUS" 0 if the command was successful 
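Review bot: The new `--dirsrv_pin` and `--http_pin` entries in the OPTIONS section document passing the PKCS#12 password as a command-line argument, with no caveat about exposure. Arguments are typically readable by other local users through the process list and can be saved in shell history, so each description should carry a sentence such as `The PIN is visible in the process list while the command runs; avoid this option on multi-user hosts.` Whether the tools also accept the PIN from a prompt or a file is not visible in this man-page-only view of the commit; if they do, the text should point readers to that instead. The same wording applies to the matching entries added in ipa-server-certinstall.1 and ipa-server-install.1.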
diff --git a/ipa-server/man/ipa-server-certinstall.1 b/ipa-server/man/ipa-server-certinstall.1 index 95067696..946ab9f8 100644 --- a/ipa-server/man/ipa-server-certinstall.1 +++ b/ipa-server/man/ipa-server-certinstall.1 @@ -26,8 +26,9 @@ Replace the current SSL Directory and/or Apache server certificate(s) with the c PKCS#12 is a file format used to safely transport SSL certificates and public/private keypairs. -They may be generated and managed using the NSS pk12util command or the OpeNSSL pkcs12 command. +They may be generated and managed using the NSS pk12util command or the OpenSSL pkcs12 command. +The service(s) are not automatically restarted. In order to use the newly installed certificate(s) you will need to manually restart the Directory and/or Apache servers. .SH "OPTIONS" .TP \fB\-d\fR, \fB\-\-dirsrv\fR @@ -35,6 +36,12 @@ Install the certificate on the Directory Server .TP \fB\-w\fR, \fB\-\-http\fR Install the certificate in the Apache Web Server +.TP +\fB\-\-dirsrv_pin\fR=\fIDIRSRV_PIN\fR +The password of the Directory Server PKCS#12 file +.TP +\fB\-\-http_pin\fR=\fIHTTP_PIN\fR +The password of the Apache Server PKCS#12 file .SH "EXIT STATUS" 0 if the installation was successful diff --git a/ipa-server/man/ipa-server-install.1 b/ipa-server/man/ipa-server-install.1 index 9fa06c77..8854f4e5 100644 --- a/ipa-server/man/ipa-server-install.1 +++ b/ipa-server/man/ipa-server-install.1 
@@ -60,10 +60,21 @@ Generate a DNS zone file that contains auto\-discovery records for this IPA serv .TP \fB\-n\fR, \fB\-\-no\-ntp\fR Do not configure NTP -\-U\fR, \fB\-\-uninstall\fR +\fB\-U\fR, \fB\-\-uninstall\fR Uninstall an existing IPA installation +.TP +\fB\-\-dirsrv_pkcs12\fR=\fIFILE\fR +PKCS#12 file containing the Directory Server SSL Certificate +.TP +\fB\-\-http_pkcs12\fR=\fIFILE\fR +PKCS#12 file containing the Apache Server SSL Certificate +.TP +\fB\-\-dirsrv_pin\fR=\fIDIRSRV_PIN\fR +The password of the Directory Server PKCS#12 file +.TP +\fB\-\-http_pin\fR=\fIHTTP_PIN\fR +The password of the Apache Server PKCS#12 file .PP -By default the full name, home Directory and login shell and username fields are displayed. .SH "EXIT STATUS" 0 if the installation was successful -- cgit