Provided by: freeipa-server_4.3.1-0ubuntu1_amd64 
NAME
ipa-cacert-manage - Manage CA certificates in IPA
SYNOPSIS
ipa-cacert-manage [OPTIONS...] COMMAND
DESCRIPTION
ipa-cacert-manage can be used to manage CA certificates in IPA.
COMMANDS
renew - Renew the IPA CA certificate
This command can be used to manually renew CA certificate of the IPA CA.
When the IPA CA is the root CA (the default), it is not usually necessary to
manually renew the CA certificate, as it will be renewed automatically when it is
about to expire, but you can do so if you wish.
When the IPA CA is subordinate of an external CA, the renewal process involves
submitting a CSR to the external CA and installing the newly issued certificate in
IPA, which cannot be done automatically. It is necessary to manually renew the CA
certificate in this setup.
When the IPA CA is not configured, this command is not available.
install
- Install a CA certificate
This command can be used to install new CA certificate to IPA.
OPTIONS
-p DM_PASSWORD, --password=DM_PASSWORD
The Directory Manager password to use for authentication.
--self-signed
Sign the renewed certificate by itself.
--external-ca
Sign the renewed certificate by external CA.
--external-cert-file=FILE
File containing the IPA CA certificate and the external CA certificate chain. The
file is accepted in PEM and DER certificate and PKCS#7 certificate chain formats.
This option may be used multiple times.
-n NICKNAME, --nickname=NICKNAME
Nickname for the certificate.
-t TRUST_FLAGS, --trust-flags=TRUST_FLAGS
Trust flags for the certificate in certutil format. Trust flags are of the form
"X,Y,Z" where X is for SSL, Y is for S/MIME, and Z is for code signing. Use ",,"
for no explicit trust.
The supported trust flags are:
C - CA trusted to issue server certificates
T - CA trusted to issue client certificates
p - not trusted
-v, --verbose
Print debugging information.
-q, --quiet
Output only errors.
--log-file=FILE
Log to the given file.
EXIT STATUS
0 if the command was successful
1 if an error occurred