1pki-ca-profile(1) PKI CA Profile Management Commands pki-ca-profile(1)
2
3
4
6 pki-profile - Command-line interface for managing PKI CA profiles.
7
8
10 pki [CLI-options] ca-profile
11 pki [CLI-options] ca-profile-find [command-options]
12 pki [CLI-options] ca-profile-show profile-ID [command-options]
13 pki [CLI-options] ca-profile-add input-file [command-options]
14 pki [CLI-options] ca-profile-mod input-file [command-options]
15 pki [CLI-options] ca-profile-del profile-ID [command-options]
16 pki [CLI-options] ca-profile-enable profile-ID [command-options]
17 pki [CLI-options] ca-profile-disable profile-ID [command-options]
18
19
21 The pki ca-profile commands provide command-line interfaces to manage
22 profiles on the CA.
23
24
25 pki [CLI-options] ca-profile-find [command-options]
26 This command is to list the profiles.
27
28
29 pki [CLI-options] ca-profile-show profile-ID [command-options]
30 This command is to view the details of a profile.
31
32
33 pki [CLI-options] ca-profile-add input-file [command-options]
34 This command is to create a new profile.
35
36
37 pki [CLI-options] ca-profile-mod input-file [command-options]
38 This command is to modify an existing profile.
39
40
41 pki [CLI-options] ca-profile-del profile-ID [command-options]
42 This command is to delete a profile.
43
44
45 pki [CLI-options] ca-profile-enable profile-ID [command-options]
46 This command is to enable a profile.
47
48
49 pki [CLI-options] ca-profile-disable profile-ID [command-options]
50 This command is to disable a profile.
51
52
54 The CLI options are described in pki(1).
55
56
58 To view available profile commands, type pki ca-profile. To view each
59 command's usage, type pki ca-profile-<command> --help.
60
61
62 All the pki ca-profile commands require CA agent authentication.
63
64
65 Viewing the profiles
66 $ pki <CA agent authentication> ca-profile-find
67
68
69
70 The results can be paged using the --start and --size options described
71 in pki(1).
72
73
74 To view the contents of a profile:
75
76
77 A set of profile inputs, profile outputs, authenticators, policies and
78 constraints are defined in a profile. These contents can be viewed us‐
79 ing the following command:
80
81
82 $ pki <CA agent authentication> ca-profile-show <profile ID>
83
84
85
86 To store the output of the above operation, the output option must be
87 specified.
88
89
90 $ pki <CA agent authentication> ca-profile-show <profile ID> --output <file path>
91
92
93
94 This output file can be used for modifying the profile. It can be used
95 as a template for certificate enrollment as well but, a more suitable
96 template can be fetched using the pki cert-request-profile-show com‐
97 mand. The pki cert-request-profile-show command does not require an
98 agent/administrator level authentication and contains only the profile
99 inputs section (which is required for certificate enrollment).
100
101
102 Add/Modify/Delete a profile
103 $ pki <CA admin authentication> ca-profile-add <input file>
104
105
106
107 The contents of the input file must be in an XML format returned by the
108 ca-profile-show command. This data will be marshaled by the CLI client
109 to create a new profile in the CA. The profile must be disabled before
110 it is modified. It must be enabled after modification to be used for
111 certificate enrollment.
112
113
114 To modify an existing profile:
115
116
117 $ pki <CA admin authentication> ca-profile-mod <input file>
118
119
120
121 The profile data can be retrieved using the ca-profile-show command and
122 after editing the file, it can be provided to the profile-mod command
123 to modify an existing profile.
124
125
126 To delete a profile in the CA:
127
128
129 $ pki <CA admin authentication> ca-profile-del <profile ID>
130
131
132
133 Enabling/Disabling a profile in the CA
134 To enable a profile in the CA:
135
136
137 $ pki <CA agent authenticaton> ca-profile-enable <profile ID>
138
139
140
141 A profile must be enabled before it can be used.
142
143
144 To disable a profile in the CA:
145
146
147 $ pki <CA agent authentication> ca-profile-disable <profile ID>
148
149
150
151 A profile must be disabled before it can be modified.
152
153
154 Note: Modifying or deleting a profile requires user(s) that have two
155 roles (admin and agent). The same user may be in both roles. An agent
156 is needed to first disable the profile. Once the profile is disabled,
157 it can be modified/deleted by an admin user. Then, an agent is needed
158 to enable the profile for use by the CA.
159
160
162 pki(1)
163
164
166 Abhishek Koneru <akoneru@redhat.com>.
167
168
170 Copyright (c) 2014 Red Hat, Inc. This is licensed under the GNU Gen‐
171 eral Public License, version 2 (GPLv2). A copy of this license is
172 available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
173
174
175
176PKI Sep 30, 2014 pki-ca-profile(1)