diff options
author | Jan Cholasta <jcholast@redhat.com> | 2014-09-24 16:31:39 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-09-30 08:50:47 +0200 |
commit | 3aa0731fc660ea3d111a44926ab5dea71dc510e7 (patch) | |
tree | c4ce2ba7de1163ce699d7fb65ce19bf30e86aa68 /install/tools/man | |
parent | 60ecba77cd98f37be0d2c0f69efd307a687e59dc (diff) | |
download | freeipa-3aa0731fc660ea3d111a44926ab5dea71dc510e7.tar.gz freeipa-3aa0731fc660ea3d111a44926ab5dea71dc510e7.tar.xz freeipa-3aa0731fc660ea3d111a44926ab5dea71dc510e7.zip |
External CA installer options usability fixes
The --external_cert_file and --external_ca_file options of ipa-server-install
and ipa-ca-install have been replaced by --external-cert-file option which
accepts multiple files. The files are accepted in PEM and DER certificate and
PKCS#7 certificate chain formats.
https://fedorahosted.org/freeipa/ticket/4480
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'install/tools/man')
-rw-r--r-- | install/tools/man/ipa-ca-install.1 | 3 | ||||
-rw-r--r-- | install/tools/man/ipa-cacert-manage.1 | 5 | ||||
-rw-r--r-- | install/tools/man/ipa-server-install.1 | 11 |
3 files changed, 6 insertions, 13 deletions
diff --git a/install/tools/man/ipa-ca-install.1 b/install/tools/man/ipa-ca-install.1 index 2e0b0795a..8f7201c20 100644 --- a/install/tools/man/ipa-ca-install.1 +++ b/install/tools/man/ipa-ca-install.1 @@ -37,6 +37,9 @@ Directory Manager (existing master) password \fB\-w\fR \fIADMIN_PASSWORD\fR, \fB\-\-admin\-password\fR=\fIADMIN_PASSWORD\fR Admin user Kerberos password used for connection check .TP +\fB\-\-external\-cert\-file\fR=\fIFILE\fR +File containing the IPA CA certificate and the external CA certificate chain. The file is accepted in PEM and DER certificate and PKCS#7 certificate chain formats. This option may be used multiple times. +.TP \fB\-\-no\-host\-dns\fR Do not use DNS for hostname lookup during installation .TP diff --git a/install/tools/man/ipa-cacert-manage.1 b/install/tools/man/ipa-cacert-manage.1 index 3006be7fc..1f3778833 100644 --- a/install/tools/man/ipa-cacert-manage.1 +++ b/install/tools/man/ipa-cacert-manage.1 @@ -56,10 +56,7 @@ Sign the renewed certificate by itself. Sign the renewed certificate by external CA. .TP \fB\-\-external\-cert\-file\fR=\fIFILE\fR -PEM file containing a certificate signed by the external CA. Must be given with \-\-external\-ca\-file. -.TP -\fB\-\-external\-ca\-file\fR=\fIFILE\fR -PEM file containing the external CA chain. +File containing the IPA CA certificate and the external CA certificate chain. The file is accepted in PEM and DER certificate and PKCS#7 certificate chain formats. This option may be used multiple times. .TP \fB\-n\fR \fINICKNAME\fR, \fB\-\-nickname\fR=\fINICKNAME\fR Nickname for the certificate. diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1 index ecea26db1..92d9ec85a 100644 --- a/install/tools/man/ipa-server-install.1 +++ b/install/tools/man/ipa-server-install.1 @@ -87,15 +87,8 @@ An unattended installation that will never prompt for user input \fB\-\-external\-ca\fR Generate a CSR for the IPA CA certificate to be signed by an external CA. .TP -\fB\-\-external_cert_file\fR=\fIFILE\fR -File containing the IPA CA certificate signed by the external CA in PEM format. Must be given with \-\-external_ca_file. -.TP -\fB\-\-external_ca_file\fR=\fIFILE\fR -File containing the external CA certificate chain in PEM format. Must be given with \-\-external_cert_file. - -If the CA certificate chain is in PKCS#7 format you can convert it to PEM using: - - openssl pkcs7 -in PKCS7_FILE -print_certs -out PEM_FILE +\fB\-\-external\-cert\-file\fR=\fIFILE\fR +File containing the IPA CA certificate and the external CA certificate chain. The file is accepted in PEM and DER certificate and PKCS#7 certificate chain formats. This option may be used multiple times. .TP \fB\-\-no\-pkinit\fR Disables pkinit setup steps |