1pki-client(1) PKI Client Security Database Management Commands pki-client(1)
2
6 pki-client - Command-Line Interface for managing the security database
7 on Certificate System client.
8
10 pki [CLI options] client
11 pki [CLI options] client-init [command options]
12 pki [CLI options] client-cert-find [command options]
13 pki [CLI options] client-cert-request [subject DN] [command options]
14 pki [CLI options] client-cert-import [nickname] [command options]
15 pki [CLI options] client-cert-mod <nickname> [command options]
16 pki [CLI options] client-cert-show <nickname> [command options]
17 pki [CLI options] client-cert-del <nickname> [command options]
18
21 The pki-client commands provide command-line interfaces to manage the
22 security database on the client's machine.
23 pki [CLI options] client
25 This command is to list available client commands.
26 pki [CLI options] client-init [command options]
28 This command is to create a new security database for the client.
29 pki [CLI options] client-cert-find [command options]
31 This command is to list certificates in the client security data‐
32 base.
33 pki [CLI options] client-cert-request [subject DN] [command options]
35 This command is to generate and submit a certificate request.
36 pki [CLI options] client-cert-import [nickname] [command options]
38 This command is to import a certificate into the client security
39 database.
40 pki [CLI options] client-cert-mod <nickname> [command options]
42 This command is to modify a certificate in the client security
43 database.
44 pki [CLI options] client-cert-show <nickname> [command options]
46 This command is to view a certificate in the client security data‐
47 base.
48 pki [CLI options] client-cert-del <nickname> [command options]
50 This command is to delete a certificate from the client security
51 database.
52
55 The CLI options are described in pki(1).
56
59 To view available client commands, type pki client. To view each com‐
60 mand's usage, type pki client-<command> --help.
61 To create a new database execute the following command:
63 pki -d <security database location> -c <security database password>
65 client-init
66 To list certificates in the security database:
68 pki -d <security database location> -c <security database password>
70 client-cert-find
71 To request a certificate:
73 pki -d <security database location> -c <security database password>
75 client-cert-request [subject DN]
76 The subject DN requirement depends on the certificate profile being
78 requested. Some profiles may require the user to provide a subject DN
79 in a certain format. Some other profiles may generate their own subject
80 DN.
81 Certain profiles may also require additional authentication. To authen‐
83 ticate, a username and a password can be specified using the --username
84 and --password options, respectively. If the subject DN is not speci‐
85 fifed the CLI may use the username to generate a default subject DN
86 "UID=<username>".
87 To import a certificate from a file into the security database:
89 pki -d <security database location> -c <security database password>
91 client-cert-import <nickname> --cert <path>
92 To import a CA certificate from a file into the security database:
94 pki -d <security database location> -c <security database password>
96 client-cert-import <nickname> --ca-cert <path>
97 To import certificates and private keys from a PKCS #12 file into the
99 security database:
100 pki -d <security database location> -c <security database password>
102 client-cert-import --pkcs12 <path> --pkcs12-password <password>
103 To import a certificate from CA server into the security database:
105 pki -d <security database location> -c <security database password>
107 client-cert-import <nickname> --serial <serial number>
108 To import a CA certificate from CA server into the security database:
110 pki -d <security database location> -c <security database password>
112 client-cert-import <nickname> --ca-server
113 To modify a certificate's trust attributes in the security database:
115 pki -d <security database location> -c <security database password>
117 client-cert-mod <nickname> --trust <trust attributes>
118 To display a certificate in the security database:
120 pki -d <security database location> -c <security database password>
122 client-cert-show <nickname>
123 To export a certificate from the security database into a PEM file:
125 pki -d <security database location> -c <security database password>
127 client-cert-show <nickname> --cert <path>
128 To export a certificate chain with the private key from the security
130 database into a PKCS #12 file:
131 pki -d <security database location> -c <security database password>
133 client-cert-show <nickname> --pkcs12 <path> --pkcs12-password <pass‐
134 word>
135 To export a certificate chain with the private key with a password
137 file:
138 pki -d <security database location> -c <security database password>
140 client-cert-show <nickname> --pkcs12 <path> --pkcs12-password-file
141 <path>
142 To export a client certificate with the private key from the security
144 database into a PEM file:
145 pki -d <security database location> -c <security database password>
147 client-cert-show <nickname> --client-cert <path>
148 To delete a certificate from the security database:
150 pki -d <security database location> -c <security database password>
152 client-cert-del <nickname>
153
156 Ade Lee <alee@redhat.com>, Endi Dewata <edewata@redhat.com>, and
157 Matthew Harmsen <mharmsen@redhat.com>.
158
161 Copyright (c) 2014 Red Hat, Inc. This is licensed under the GNU General
162 Public License, version 2 (GPLv2). A copy of this license is available
163 at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
164version 10.2 May 5, 2014 pki-client(1)