xenial (1) ipa-cacert-manage.1.gz

Provided by: freeipa-server_4.3.1-0ubuntu1_amd64

NAME

       ipa-cacert-manage - Manage CA certificates in IPA

SYNOPSIS

       ipa-cacert-manage [OPTIONS...] COMMAND

DESCRIPTION

       ipa-cacert-manage can be used to manage CA certificates in IPA.

COMMANDS

       renew  - Renew the IPA CA certificate

              This command can be used to manually renew the CA certificate of the IPA CA.

              When the IPA CA is the root CA (the default), it is not usually necessary to manually renew the CA
              certificate, as it will be renewed automatically when it is about to expire, but you can do so if
              you wish.

              When the IPA CA is a subordinate of an external CA, the renewal process involves submitting a CSR
              to the external CA and installing the newly issued certificate in IPA, which cannot be done
              automatically. It is necessary to manually renew the CA certificate in this setup.

              When the IPA CA is not configured, this command is not available.

       install - Install a CA certificate

              This command can be used to install a new CA certificate in IPA.

OPTIONS

       -p DM_PASSWORD, --password=DM_PASSWORD
              The Directory Manager password to use for authentication.

       --self-signed
              Sign the renewed certificate by itself.

       --external-ca
              Sign the renewed certificate by an external CA.

       --external-cert-file=FILE
              File containing the IPA CA certificate and the external CA certificate chain. The file is accepted
              in PEM and DER certificate and PKCS#7 certificate chain formats. This option may be used multiple
              times.

       -n NICKNAME, --nickname=NICKNAME
              Nickname for the certificate.

       -t TRUST_FLAGS, --trust-flags=TRUST_FLAGS
              Trust flags for the certificate in certutil format. Trust flags are of the form "X,Y,Z" where X is
              for SSL, Y is for S/MIME, and Z is for code signing. Use ",," for no explicit trust.

              The supported trust flags are:

                     C - CA trusted to issue server certificates

                     T - CA trusted to issue client certificates

                     p - not trusted
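
An added example, not part of this manual page or of FreeIPA: a small Python check that parses an "X,Y,Z" trust-flags value using only the flags listed above and reports usages that carry explicit trust beyond SSL. The function names and the `allowed` policy parameter are assumptions of this example.

```python
# Added example (not FreeIPA code): parse and review a --trust-flags value.
USAGES = ("SSL", "S/MIME", "code signing")   # positions X, Y, Z
MEANINGS = {                                  # the flags this page lists
    "C": "CA trusted to issue server certificates",
    "T": "CA trusted to issue client certificates",
    "p": "not trusted",
}


def parse_trust_flags(value):
    """Return {usage: [flag, ...]} for an "X,Y,Z" string, or raise ValueError."""
    fields = value.split(",")
    if len(fields) != 3:
        raise ValueError(f"expected 3 comma-separated fields, got {len(fields)}")
    parsed = {}
    for usage, field in zip(USAGES, fields):
        unknown = sorted(set(field) - set(MEANINGS))
        if unknown:
            raise ValueError(f"unsupported flag(s) {unknown} for {usage}")
        parsed[usage] = list(field)
    return parsed


def review(value, allowed=("SSL",)):
    """List findings to resolve before passing value to --trust-flags.

    `allowed` is this example's own policy knob (an assumption): the usages
    for which the CA is expected to carry explicit trust.
    """
    findings = []
    for usage, flags in parse_trust_flags(value).items():
        if "p" in flags and len(flags) > 1:
            findings.append(f"{usage}: 'p' (not trusted) combined with {flags}")
        granted = [f for f in flags if f != "p"]
        if granted and usage not in allowed:
            findings.append(f"{usage}: explicit trust {granted} not expected")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    for sample in ("C,,", "CT,C,C", ",,", "Cp,,"):
        print(repr(sample), parse_trust_flags(sample), review(sample))
```
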

       -v, --verbose
              Print debugging information.

       -q, --quiet
              Output only errors.

       --log-file=FILE
              Log to the given file.

EXIT STATUS

       0 if the command was successful

       1 if an error occurred