1pki-ca-profile(1)     PKI CA Profile Management Commands     pki-ca-profile(1)
2
3
4

NAME

6       pki-profile - Command-line interface for managing PKI CA profiles.
7
8

SYNOPSIS

10       pki [CLI-options] ca-profile
11       pki [CLI-options] ca-profile-find [command-options]
12       pki [CLI-options] ca-profile-show profile-ID [command-options]
13       pki [CLI-options] ca-profile-add input-file [command-options]
14       pki [CLI-options] ca-profile-mod input-file [command-options]
15       pki [CLI-options] ca-profile-del profile-ID [command-options]
16       pki [CLI-options] ca-profile-enable profile-ID [command-options]
17       pki [CLI-options] ca-profile-disable profile-ID [command-options]
18
19

DESCRIPTION

21       The  pki  ca-profile commands provide command-line interfaces to manage
22       profiles on the CA.
23
24
25       pki [CLI-options] ca-profile-find [command-options]
26           This command is to list the profiles.
27
28
29       pki [CLI-options] ca-profile-show profile-ID [command-options]
30           This command is to view the details of a profile.
31
32
33       pki [CLI-options] ca-profile-add input-file [command-options]
34         This command is to create a new profile.
35
36
37       pki [CLI-options] ca-profile-mod input-file [command-options]
38           This command is to modify an existing profile.
39
40
41       pki [CLI-options] ca-profile-del profile-ID [command-options]
42           This command is to delete a profile.
43
44
45       pki [CLI-options] ca-profile-enable profile-ID [command-options]
46           This command is to enable a profile.
47
48
49       pki [CLI-options] ca-profile-disable profile-ID [command-options]
50           This command is to disable a profile.
51
52

OPTIONS

54       The CLI options are described in pki(1).
55
56

OPERATIONS

58       To view available profile commands, type pki ca-profile.  To view  each
59       command's usage, type pki ca-profile-<command> --help.
60
61
62       All the pki ca-profile commands require CA agent authentication.
63
64
65   Viewing the profiles
66              $ pki <CA agent authentication> ca-profile-find
67
68
69
70       The results can be paged using the --start and --size options described
71       in pki(1).
72
73
74       To view the contents of a profile:
75
76
77       A set of profile inputs, profile outputs, authenticators, policies  and
78       constraints are defined in a profile.  These contents can be viewed us‐
79       ing the following command:
80
81
82              $ pki <CA agent authentication> ca-profile-show <profile ID>
83
84
85
86       To store the output of the above operation, the output option  must  be
87       specified.
88
89
90              $ pki <CA agent authentication> ca-profile-show <profile ID> --output <file path>
91
92
93
94       This output file can be used for modifying the profile.  It can be used
95       as a template for certificate enrollment as well but, a  more  suitable
96       template  can  be  fetched using the pki cert-request-profile-show com‐
97       mand.  The pki cert-request-profile-show command does  not  require  an
98       agent/administrator  level authentication and contains only the profile
99       inputs section (which is required for certificate enrollment).
100
101
102   Add/Modify/Delete a profile
103              $ pki <CA admin authentication> ca-profile-add <input file>
104
105
106
107       The contents of the input file must be in an XML format returned by the
108       ca-profile-show command.  This data will be marshaled by the CLI client
109       to create a new profile in the CA.  The profile must be disabled before
110       it  is  modified.  It must be enabled after modification to be used for
111       certificate enrollment.
112
113
114       To modify an existing profile:
115
116
117              $ pki <CA admin authentication> ca-profile-mod <input file>
118
119
120
121       The profile data can be retrieved using the ca-profile-show command and
122       after  editing  the file, it can be provided to the profile-mod command
123       to modify an existing profile.
124
125
126       To delete a profile in the CA:
127
128
129              $ pki <CA admin authentication> ca-profile-del <profile ID>
130
131
132
133   Enabling/Disabling a profile in the CA
134       To enable a profile in the CA:
135
136
137              $ pki <CA agent authenticaton> ca-profile-enable <profile ID>
138
139
140
141       A profile must be enabled before it can be used.
142
143
144       To disable a profile in the CA:
145
146
147              $ pki <CA agent authentication> ca-profile-disable <profile ID>
148
149
150
151       A profile must be disabled before it can be modified.
152
153
154       Note: Modifying or deleting a profile requires user(s)  that  have  two
155       roles (admin and agent).  The same user may be in both roles.  An agent
156       is needed to first disable the profile.  Once the profile is  disabled,
157       it  can be modified/deleted by an admin user.  Then, an agent is needed
158       to enable the profile for use by the CA.
159
160

SEE ALSO

162       pki(1)
163
164

AUTHORS

166       Abhishek Koneru &lt;akoneru@redhat.com&gt;.
167
168
170       Copyright (c) 2014 Red Hat, Inc.  This is licensed under the  GNU  Gen‐
171       eral  Public  License,  version  2  (GPLv2).  A copy of this license is
172       available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
173
174
175
176PKI                              Sep 30, 2014                pki-ca-profile(1)
Impressum