diff options
author | Fraser Tweedale <ftweedal@redhat.com> | 2015-07-23 23:07:10 -0400 |
---|---|---|
committer | Tomas Babej <tbabej@redhat.com> | 2015-08-12 18:24:34 +0200 |
commit | f6b32d8eea82d686ab3cf92153fa7e1f5ded70ac (patch) | |
tree | c2fabd5d5befacc224a658edb462d5b7e2627a95 /ipalib | |
parent | 5435a8a32a2e88675e84d22d6f9b97e67f6f5264 (diff) | |
download | freeipa-f6b32d8eea82d686ab3cf92153fa7e1f5ded70ac.tar.gz freeipa-f6b32d8eea82d686ab3cf92153fa7e1f5ded70ac.tar.xz freeipa-f6b32d8eea82d686ab3cf92153fa7e1f5ded70ac.zip |
certprofile: add profile format explanation
Part of: https://fedorahosted.org/freeipa/ticket/5089
Reviewed-By: Tomas Babej <tbabej@redhat.com>
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/certprofile.py | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py index 658fbca3b..1dd4f403e 100644 --- a/ipalib/plugins/certprofile.py +++ b/ipalib/plugins/certprofile.py @@ -47,9 +47,29 @@ EXAMPLES: Show information about a profile: ipa certprofile-show ShortLivedUserCert + Save profile configuration to a file: + ipa certprofile-show caIPAserviceCert --out caIPAserviceCert.cfg + Search for profiles that do not store certificates: ipa certprofile-find --store=false +PROFILE CONFIGURATION FORMAT: + +The profile configuration format is the raw property-list format +used by Dogtag Certificate System. The XML format is not supported. + +The following restrictions apply to profiles managed by FreeIPA: + +- When importing a profile the "profileId" field, if present, must + match the ID given on the command line. + +- The "classId" field must be set to "caEnrollImpl" + +- The "auth.instance_id" field must be set to "raCertAuth" + +- The "certReqInputImpl" input class and "certOutputImpl" output + class must be used. + """) |