1pki-ca-profile(1)     PKI CA Profile Management Commands     pki-ca-profile(1)
2
3
4

NAME

6       pki-profile - Command-Line Interface for managing Certificate System CA
7       profiles.
8
9

SYNOPSIS

11       pki [CLI options] ca-profile
12       pki [CLI options] ca-profile-find [command options]
13       pki [CLI options] ca-profile-show <profile ID> [command options]
14       pki [CLI options] ca-profile-add <input file path> [command options]
15       pki [CLI options] ca-profile-mod <input file path> [command options]
16       pki [CLI options] ca-profile-del <profile ID> [command options]
17       pki [CLI options] ca-profile-enable <profile ID> [command options]
18       pki [CLI options] ca-profile-disable <profile ID> [command options]
19
20

DESCRIPTION

22       The pki ca-profile commands provide command-line interfaces  to  manage
23       profiles on the CA.
24
25
26       pki [CLI options] ca-profile-find [command options]
27           This command is to list the profiles.
28
29       pki [CLI options] ca-profile-show <profile ID> [command options]
30           This command is to view the details of a profile.
31
32       pki [CLI options] ca-profile-add <input file path> [command options]
33           This command is to create a new profile.
34
35       pki [CLI options] ca-profile-mod <input file path> [command options]
36           This command is to modify an existing profile.
37
38       pki [CLI options] ca-profile-del <profile ID> [command options]
39           This command is to delete a profile.
40
41       pki [CLI options] ca-profile-enable <profile ID> [command options]
42           This command is to enable a profile.
43
44       pki [CLI options] ca-profile-disable <profile ID> [command options]
45           This command is to disable a profile.
46
47

OPTIONS

49       The CLI options are described in pki(1).
50
51

OPERATIONS

53       To  view  available profile commands, type pki ca-profile. To view each
54       command's usage, type  pki ca-profile-<command> --help.
55
56       All the ca-profile commands require CA agent authentication.
57
58
59   Viewing the profiles
60       pki <CA agent authentication> ca-profile-find
61
62       The results can be paged using the --start and --size options described
63       in pki(1).
64
65       To view the contents of a profile:
66
67       A  set of profile inputs, profile outputs, authenticators, policies and
68       constraints are defined in a profile.  These  contents  can  be  viewed
69       using the following command:
70
71       pki <CA agent authentication> ca-profile-show <profile ID>
72
73       To  store  the output of the above operation, the output option must be
74       specified.
75
76       pki <CA agent authentication>  ca-profile-show  <profile  ID>  --output
77       <file path>
78
79       This output file can be used for modifying the profile.  It can be used
80       as a template for certificate enrollment as well but, a  more  suitable
81       template  can  be  fetched using the pki cert-request-profile-show com‐
82       mand.  The pki cert-request-profile-show command does  not  require  an
83       agent/administrator  level authentication and contains only the profile
84       inputs section (which is required for certificate enrollment).
85
86
87   Add/Modify/Delete a profile
88       pki <CA admin authentication> ca-profile-add <input file path>
89
90       The contents of the input file must be in an XML format returned by the
91       ca-profile-show command.  This data will be marshaled by the CLI client
92       to create a new profile in the CA.  The profile must be disabled before
93       it  is  modified.  It must be enabled after modification to be used for
94       certificate enrollment.
95
96       To modify an existing profile:
97
98       pki <CA admin authentication> ca-profile-mod <input file path>
99
100       The profile data can be retrieved using the ca-profile-show command and
101       after  editing  the file, it can be provided to the profile-mod command
102       to modify an existing profile.
103
104       To delete a profile in the CA:
105
106       pki <CA admin authentication> ca-profile-del <profile ID>
107
108
109   Enabling/Disabling a profile in the CA
110       To enable a profile in the CA:
111
112       pki <CA agent authenticaton> ca-profile-enable <profile ID>
113
114       A profile must be enabled before it can be used.
115
116       To disable a profile in the CA:
117
118       pki <CA agent authentication> ca-profile-disable <profile ID>
119
120       A profile must be disabled before it can be modified.
121
122       Note: Modifying or deleting a profile requires user(s)  that  have  two
123       roles (admin and agent).  The same user may be in both roles.  An agent
124       is needed to first disable the profile.  Once the profile is  disabled,
125       it  can be modified/deleted by an admin user.  Then, an agent is needed
126       to enable the profile for use by the CA.
127
128

AUTHORS

130       Abhishek Koneru <akoneru@redhat.com>.
131
132

COPYRIGHT

134       Copyright (c) 2014 Red Hat, Inc. This is licensed under the GNU General
135       Public  License, version 2 (GPLv2). A copy of this license is available
136       at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
137
138

SEE ALSO

140       pki(1)
141
142
143
144version 10.2                     Sep 30, 2014                pki-ca-profile(1)