1pki-server-instance(8) PKI Instance Management Commands pki-server-instance(8)
2
3
4
6 pki-server-instance - Command-line interface for managing PKI server
7 instances.
8
9
11 pki-server [CLI-options] instance
12 pki-server [CLI-options] instance-cert
13 pki-server [CLI-options] instance-cert-export
14 pki-server [CLI-options] instance-find
15 pki-server [CLI-options] instance-show instance-ID
16 pki-server [CLI-options] instance-start instance-ID
17 pki-server [CLI-options] instance-stop instance-ID
18 pki-server [CLI-options] instance-migrate --tomcat version instance-ID
19 pki-server [CLI-options] instance-nuxwdog-enable instance-ID
20 pki-server [CLI-options] instance-nuxwdog-disable instance-ID
21 pki-server [CLI-options] instance-externalcert-add -i instance-ID
22 --cert-file path --trust-args args --nickname nickname --token token
23 pki-server [CLI-options] instance-externalcert-del -i instance-ID
24 --nickname nickname --token token
25
26
28 The pki-server instance commands provide command-line interfaces to
29 manage PKI server instances. A PKI server instance consists of a sin‐
30 gle Apache Tomcat instance that contains one or more subsystems.
31
32
33 Operations that are available include: listing and showing details
34 about local instances; starting and stopping instances; performing in‐
35 stance migrations; and enabling or disabling password prompted instance
36 startup using nuxwdog.
37
38
39 pki-server [CLI-options] instance
40 This command is to list available instance commands.
41
42
43 pki-server [CLI-options] instance-cert
44 This command is to list available instance certificate commands.
45
46
47 pki-server [CLI-options] instance-cert-export
48 This command is to export system certificates and keys to a PKCS
49 #12 file.
50 The output filename and either a password or a password file are
51 required.
52 If no nicknames are specified, all the system certificates will be
53 exported.
54 Otherwise, it is possible to extract individual certificates (with
55 or without their keys and trust arguments),
56 and to append to an existing PKCS #12 file.
57
58
59 pki-server [CLI-options] instance-find
60 This command is to list local PKI server instances.
61
62
63 pki-server [CLI-options] instance-show instance-ID
64 This command is to view a details about a particular instance.
65
66
67 pki-server [CLI-options] instance-start instance-ID
68 This command is to start a PKI server instance.
69 Note that currently this command cannot be used to start nuxwdog-
70 enabled instances.
71
72
73 pki-server [CLI-options] instance-stop instance-ID
74 This command is to stop a PKI server instance.
75 Note that currently this command cannot be used to stop nuxwdog-en‐
76 abled instances.
77
78
79 pki-server [CLI-options] instance-migrate --tomcat version instance-ID
80 There are differences in configuration between Apache Tomcat 7 and
81 Apache Tomcat 8.
82 This command reconfigures a PKI server instance to match the speci‐
83 fied Tomcat version.
84 This command can be used to migrate initially created under Tomcat
85 7 when Tomcat is upgraded.
86 See pki-server migrate(8) for further details.
87
88
89 pki-server [CLI-options] instance-nuxwdog-enable instance-ID
90 This command is to convert a PKI server instance to start without
91 access to a password file,
92 using the nuxwdog daemon. See pki-server nuxwdog(8) for further
93 details.
94
95
96 pki-server [CLI-options] instance-nuxwdog-disable instance-ID
97 This command is to convert a PKI server instance to start with ac‐
98 cess to a password file,
99 rather than using the nuxwdog daemon. See pki-server nuxwdog(8)
100 for further details.
101
102
103 pki-server [CLI-options] instance-externalcert-add -i instance-ID
104 --cert-file path --trust-args args --nickname nickname --token token
105 This command is to add a certificate to the certificate database
106 for a PKI server instance.
107 The certificate will be kept track of in the configuration file ex‐
108 ternal_certs.conf,
109 and will automatically be exported when the system certificates are
110 exported.
111 To update a certificate, the old one needs to be removed first us‐
112 ing the delete command below.
113 The trust arguments are those defined for NSS databases, e.g.
114 "CT,C,C".
115 See certutil(1) for more details.
116
117
118 pki-server [CLI-options] instance-externalcert-del -i instance-ID
119 --nickname nickname --token token
120 This command is to remove a certificate from the certificate data‐
121 base for a PKI server instance.
122
123
125 The CLI options are described in pki-server(8).
126
127
129 To view available instance management commands, type pki-server in‐
130 stance. To view each command's usage, type pki-server in‐
131 stance-<command> --help.
132
133
135 Ade Lee <alee@redhat.com>.
136
137
139 Copyright (c) 2015 Red Hat, Inc. This is licensed under the GNU Gen‐
140 eral Public License, version 2 (GPLv2). A copy of this license is
141 available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
142
143
144
145PKI July 15, 2015 pki-server-instance(8)