1pki-user-cert(1) PKI User Certificate Management Commands pki-user-cert(1)
2
3
4
6 pki-user-cert - Command-Line Interface for managing Certificate System
7 user certificates.
8
9
11 pki [CLI options] <subsystem>-user-cert
12 pki [CLI options] <subsystem>-user-cert-find <user ID> [command options]
13 pki [CLI options] <subsystem>-user-cert-show <user ID> <cert ID> [command options]
14 pki [CLI options] <subsystem>-user-cert-add <user ID> [command options]
15 pki [CLI options] <subsystem>-user-cert-del <user ID> <cert ID> [command options]
16
17
19 The pki-user-cert commands provide command-line interfaces to manage
20 user certificates on the specified subsystem.
21
22 Valid subsystems are ca, kra, ocsp, tks, and tps. If the <subsystem>-
23 prefix is omitted, it will default to ca.
24
25 pki [CLI options] <subsystem>-user-cert
26 This command is to list available user certificate commands for the
27 subsystem.
28
29 pki [CLI options] <subsystem>-user-cert-find <user ID> [command
30 options]
31 This command is to list certificates owned by the subsystem user.
32
33 pki [CLI options] <subsystem>-user-cert-show <user ID> <cert ID> [com‐
34 mand options]
35 This command is to view the details of a certificate owned to the
36 subsystem user.
37
38 pki [CLI options] <subsystem>-user-cert-add <user ID> [command options]
39 This command is to add a certificate to the subsystem user.
40
41 pki [CLI options] <subsystem>-user-cert-del <user ID> <cert ID> [com‐
42 mand options]
43 This command is to delete a certificate from the subsystem user.
44
45
47 The CLI options are described in pki(1).
48
49
51 To view available user certificate commands, type pki <subsystem>-user-
52 cert. To view each command's usage, type pki <subsystem>-user-
53 cert-<command> --help.
54
55 All user certificate commands must be executed as the subsystem admin‐
56 istrator.
57
58 For example, to list certificates owned by a CA user execute the fol‐
59 lowing command:
60
61 pki <CA admin authentication> ca-user-cert-find testuser
62
63 The results can be paged by specifying the (0-based) index of the first
64 entry to return and the maximum number of entries returned:
65
66 pki <CA admin authentication> ca-user-cert-find testuser --start 20
67 --size 10
68
69 The above command will return entries #20 to #29.
70
71 To view a certificate owned by a CA user, specify the user ID and the
72 certificate ID in the following command:
73
74 pki <CA admin authentication> ca-user-cert-show testuser “2;11;CN=CA
75 Signing Certificate,O=EXAMPLE;UID=testuser”
76
77 To add a certificate to a CA user from a file, specify the user ID and
78 the input file:
79
80 pki <CA admin authentication> ca-user-cert-add testuser --input tes‐
81 tuser.crt
82
83 To add a certificate to a CA user from the certificate repository,
84 specify the user ID and the serial number:
85
86 pki <CA admin authentication> ca-user-cert-add testuser --serial 0x80
87
88 To delete a certificate from a CA user, specify the user ID and the
89 certificate ID in the following command:
90
91 pki <CA admin authentication> ca-user-cert-del testuser “2;11;CN=CA
92 Signing Certificate,O=EXAMPLE;UID=testuser”
93
94
96 Endi S. Dewata <edewata@redhat.com>.
97
98
100 Copyright (c) 2015 Red Hat, Inc. This is licensed under the GNU General
101 Public License, version 2 (GPLv2). A copy of this license is available
102 at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
103
104
105
106version 10.2 Jun 3, 2015 pki-user-cert(1)