1pki-user-cert(1) PKI User Certificate Management Commands pki-user-cert(1)
2
3
4
6 pki-user-cert - Command-line interface for managing PKI user certifi‐
7 cates.
8
9
11 pki [CLI-options] <subsystem>-user-cert
12 pki [CLI-options] <subsystem>-user-cert-find user-ID [command-options]
13 pki [CLI-options] <subsystem>-user-cert-show user-ID cert-ID [com‐
14 mand-options]
15 pki [CLI-options] <subsystem>-user-cert-add user-ID [command-options]
16 pki [CLI-options] <subsystem>-user-cert-del user-ID cert-ID [com‐
17 mand-options]
18
19
21 The pki <subsystem>-user-cert commands provide command-line interfaces
22 to manage user certificates on the specified subsystem.
23
24
25 Valid subsystems are ca, kra, ocsp, tks, and tps.
26
27
28 pki [CLI-options] <subsystem>-user-cert
29 This command is to list available user certificate commands for the
30 subsystem.
31
32
33 pki [CLI-options] <subsystem>-user-cert-find user-ID [command-options]
34 This command is to list certificates owned by the subsystem user.
35
36
37 pki [CLI-options] <subsystem>-user-cert-show user-ID cert-ID [com‐
38 mand-options]
39 This command is to view the details of a certificate owned to the
40 subsystem user.
41
42
43 pki [CLI-options] <subsystem>-user-cert-add user-ID [command-options]
44 This command is to add a certificate to the subsystem user.
45
46
47 pki [CLI-options] <subsystem>-user-cert-del user-ID cert-ID [com‐
48 mand-options]
49 This command is to delete a certificate from the subsystem user.
50
51
53 The CLI options are described in pki(1).
54
55
57 To view available user certificate commands, type pki <subsys‐
58 tem>-user-cert. To view each command's usage, type pki <subsys‐
59 tem>-user-cert-<command> --help.
60
61
62 All user certificate commands must be executed as the subsystem admin‐
63 istrator.
64
65
66 For example, to list certificates owned by a CA user execute the fol‐
67 lowing command:
68
69
70 $ pki <CA admin authentication> ca-user-cert-find testuser
71
72
73
74 The results can be paged by specifying the (0-based) index of the first
75 entry to return and the maximum number of entries returned:
76
77
78 $ pki <CA admin authentication> ca-user-cert-find testuser --start 20 --size 10
79
80
81
82 The above command will return entries #20 to #29.
83
84
85 To view a certificate owned by a CA user, specify the user ID and the
86 certificate ID in the following command:
87
88
89 $ pki <CA admin authentication> ca-user-cert-show testuser \
90 "2;11;CN=CA Signing Certificate,O=EXAMPLE;UID=testuser"
91
92
93
94 To add a certificate to a CA user from a file, specify the user ID and
95 the input file:
96
97
98 $ pki <CA admin authentication> ca-user-cert-add testuser --input testuser.crt
99
100
101
102 To add a certificate to a CA user from the certificate repository,
103 specify the user ID and the serial number:
104
105
106 $ pki <CA admin authentication> ca-user-cert-add testuser --serial 0x80
107
108
109
110 To delete a certificate from a CA user, specify the user ID and the
111 certificate ID in the following command:
112
113
114 $ pki <CA admin authentication> ca-user-cert-del testuser \
115 "2;11;CN=CA Signing Certificate,O=EXAMPLE;UID=testuser"
116
117
118
120 Endi S. Dewata <edewata@redhat.com>.
121
122
124 Copyright (c) 2015 Red Hat, Inc. This is licensed under the GNU Gen‐
125 eral Public License, version 2 (GPLv2). A copy of this license is
126 available at ⟨http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt⟩.
127
128
129
130PKI Jun 3, 2015 pki-user-cert(1)