pki-server-instance(8) PKI Instance Management Commands pki-server-instance(8)

NAME
pki-server-instance - Command-Line Interface for managing Certificate
System instances.

SYNOPSIS
pki-server [CLI options] instance
pki-server [CLI options] instance-cert
pki-server [CLI options] instance-cert-export
pki-server [CLI options] instance-find
pki-server [CLI options] instance-show <instance ID>
pki-server [CLI options] instance-start <instance ID>
pki-server [CLI options] instance-stop <instance ID>
pki-server [CLI options] instance-migrate --tomcat <version> <instance ID>
pki-server [CLI options] instance-nuxwdog-enable <instance ID>
pki-server [CLI options] instance-nuxwdog-disable <instance ID>
pki-server [CLI options] instance-externalcert-add -i <instance ID>
    --cert-file <path> --trust-args <args> --nickname <nickname> --token <token>
pki-server [CLI options] instance-externalcert-del -i <instance ID>
    --nickname <nickname> --token <token>

DESCRIPTION
The pki-server instance commands provide command-line interfaces to
manage Certificate Server (CS) instances. A Certificate Server
instance consists of a single Apache Tomcat instance that contains one
or more CS subsystems.

Operations that are available include: listing and showing details
about local instances; starting and stopping instances; performing
instance migrations; and enabling or disabling password-prompted
instance startup using nuxwdog.

pki-server [CLI options] instance
    This command is to list available instance commands.

pki-server [CLI options] instance-cert
    This command is to list available instance certificate commands.

pki-server [CLI options] instance-cert-export
    This command is to export system certificates and keys to a PKCS
    #12 file. The output filename and either a password or a password
    file are required. If no nicknames are specified, all the system
    certificates will be exported. Otherwise, it is possible to
    extract individual certificates (with or without their keys and
    trust arguments), and to append to an existing PKCS #12 file.

pki-server [CLI options] instance-find
    This command is to list local CS instances.

pki-server [CLI options] instance-show <instance ID>
    This command is to view details about a particular instance.

pki-server [CLI options] instance-start <instance ID>
    This command is to start a CS instance. Note that currently this
    command cannot be used to start nuxwdog-enabled instances.

pki-server [CLI options] instance-stop <instance ID>
    This command is to stop a CS instance. Note that currently this
    command cannot be used to stop nuxwdog-enabled instances.

pki-server [CLI options] instance-migrate --tomcat <version> <instance ID>
    There are differences in configuration between Apache Tomcat 7 and
    Apache Tomcat 8. This command reconfigures a CS instance to match
    the specified Tomcat version. This command can be used to migrate
    instances initially created under Tomcat 7 when Tomcat is upgraded.
    See pki-server migrate(8) for further details.

pki-server [CLI options] instance-nuxwdog-enable <instance ID>
    This command is to convert a CS instance to start without access to
    a password file, using the nuxwdog daemon. See pki-server
    nuxwdog(8) for further details.

pki-server [CLI options] instance-nuxwdog-disable <instance ID>
    This command is to convert a CS instance to start with access to a
    password file, rather than using the nuxwdog daemon. See
    pki-server nuxwdog(8) for further details.

pki-server [CLI options] instance-externalcert-add -i <instance ID>
    --cert-file <path> --trust-args <args> --nickname <nickname>
    --token <token>
    This command is to add a certificate to the certificate database
    for a CS instance. The certificate will be kept track of in the
    configuration file external_certs.conf, and will automatically be
    exported when the system certificates are exported. To update a
    certificate, the old one needs to be removed first using the delete
    command below.

    The trust arguments are those defined for NSS databases, e.g.
    "C,c,c". See certutil(1) for more details.

pki-server [CLI options] instance-externalcert-del -i <instance ID>
    --nickname <nickname> --token <token>
    This command is to remove a certificate from the certificate
    database for a CS instance.

OPTIONS
The CLI options are described in pki-server(8).

OPERATIONS
To view available instance management commands, type pki-server
instance. To view each command's usage, type pki-server
instance-<command> --help.

All pki-server commands must be executed as the system administrator.
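
The update procedure described for instance-externalcert-add (remove the old certificate, then add the new one), as an added example that is not part of the original man page. The function names, the PKI_SERVER override and the input checks are assumptions of this example; the subcommands and options are the ones listed at the top of this page.

```sh
#!/bin/sh
# Added example, not part of the pki-server man page.
# PKI_SERVER is a hypothetical override so the wrapper can be exercised
# against a stub; by default the real pki-server is called.
PKI_SERVER=${PKI_SERVER:-pki-server}

# Succeed only for NSS trust arguments: exactly three comma-separated fields
# (SSL, e-mail, object signing) built from the certutil(1) flags p P c C T u.
trust_args_ok() {
    case $1 in
        *[!pPcCTu,]*|*,*,*,*) return 1 ;;  # foreign character or a fourth field
        *,*,*)                return 0 ;;  # three fields, empty ones allowed
        *)                    return 1 ;;  # fewer than three fields
    esac
}

# Replace an external certificate: delete the old entry, then add the new
# one, because an update requires the old certificate to be removed first.
# Args: <instance ID> <cert file> <trust args> <nickname> <token>
replace_external_cert() {
    if ! trust_args_ok "$3"; then
        echo "invalid trust args: $3" >&2; return 2
    fi
    if [ ! -r "$2" ] || [ ! -s "$2" ]; then
        echo "certificate file missing or empty: $2" >&2; return 3
    fi
    # Both checks run before the delete, so bad input never leaves the
    # instance without the certificate it already had.
    "$PKI_SERVER" instance-externalcert-del -i "$1" \
        --nickname "$4" --token "$5" || return 4
    "$PKI_SERVER" instance-externalcert-add -i "$1" \
        --cert-file "$2" --trust-args "$3" --nickname "$4" --token "$5" || return 5
}
```

A return code of 5 means the old certificate was removed but the new one was not added, so the add step has to be repeated by hand.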

AUTHORS
Ade Lee <alee@redhat.com>

COPYRIGHT
Copyright (c) 2015 Red Hat, Inc. This is licensed under the GNU General
Public License, version 2 (GPLv2). A copy of this license is available
at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.

version 10.2 July 15, 2015 pki-server-instance(8)