Provided by: pki-tools_10.2.6+git20160317-1_amd64 
NAME
pki-client - Command-Line Interface for managing the security database on Certificate System client.
SYNOPSIS
pki [CLI options] client
pki [CLI options] client-init [command options]
pki [CLI options] client-cert-find [command options]
pki [CLI options] client-cert-request [subject DN] [command options]
pki [CLI options] client-cert-import [nickname] [command options]
pki [CLI options] client-cert-mod <nickname> [command options]
pki [CLI options] client-cert-show <nickname> [command options]
pki [CLI options] client-cert-del <nickname> [command options]
DESCRIPTION
The pki-client commands provide command-line interfaces to manage the security database on the client's
machine.
pki [CLI options] client
This command is to list available client commands.
pki [CLI options] client-init [command options]
This command is to create a new security database for the client.
pki [CLI options] client-cert-find [command options]
This command is to list certificates in the client security database.
pki [CLI options] client-cert-request [subject DN] [command options]
This command is to generate and submit a certificate request.
pki [CLI options] client-cert-import [nickname] [command options]
This command is to import a certificate into the client security database.
pki [CLI options] client-cert-mod <nickname> [command options]
This command is to modify a certificate in the client security database.
pki [CLI options] client-cert-show <nickname> [command options]
This command is to view a certificate in the client security database.
pki [CLI options] client-cert-del <nickname> [command options]
This command is to delete a certificate from the client security database.
OPTIONS
The CLI options are described in pki(1).
OPERATIONS
To view available client commands, type pki client. To view each command's usage, type pki
client-<command> --help.
To create a new database execute the following command:
pki -d <security database location> -c <security database password> client-init
To list certificates in the security database:
pki -d <security database location> -c <security database password> client-cert-find
To request a certificate:
pki -d <security database location> -c <security database password> client-cert-request [subject DN]
The subject DN requirement depends on the certificate profile being requested. Some profiles may require
the user to provide a subject DN in a certain format. Some other profiles may generate their own subject
DN.
Certain profiles may also require additional authentication. To authenticate, a username and a password
can be specified using the --username and --password options, respectively. If the subject DN is not
specififed the CLI may use the username to generate a default subject DN "UID=<username>".
To import a certificate from a file into the security database:
pki -d <security database location> -c <security database password> client-cert-import <nickname> --cert
<path>
To import a CA certificate from a file into the security database:
pki -d <security database location> -c <security database password> client-cert-import <nickname> --ca-
cert <path>
To import certificates and private keys from a PKCS #12 file into the security database:
pki -d <security database location> -c <security database password> client-cert-import --pkcs12 <path>
--pkcs12-password <password>
To import a certificate from CA server into the security database:
pki -d <security database location> -c <security database password> client-cert-import <nickname>
--serial <serial number>
To import a CA certificate from CA server into the security database:
pki -d <security database location> -c <security database password> client-cert-import <nickname> --ca-
server
To modify a certificate's trust attributes in the security database:
pki -d <security database location> -c <security database password> client-cert-mod <nickname> --trust
<trust attributes>
To display a certificate in the security database:
pki -d <security database location> -c <security database password> client-cert-show <nickname>
To export a certificate from the security database into a PEM file:
pki -d <security database location> -c <security database password> client-cert-show <nickname> --cert
<path>
To export a certificate chain with the private key from the security database into a PKCS #12 file:
pki -d <security database location> -c <security database password> client-cert-show <nickname> --pkcs12
<path> --pkcs12-password <password>
To export a certificate chain with the private key with a password file:
pki -d <security database location> -c <security database password> client-cert-show <nickname> --pkcs12
<path> --pkcs12-password-file <path>
To export a client certificate with the private key from the security database into a PEM file:
pki -d <security database location> -c <security database password> client-cert-show <nickname> --client-
cert <path>
To delete a certificate from the security database:
pki -d <security database location> -c <security database password> client-cert-del <nickname>
AUTHORS
Ade Lee <alee@redhat.com>, Endi Dewata <edewata@redhat.com>, and Matthew Harmsen <mharmsen@redhat.com>.
COPYRIGHT
Copyright (c) 2014 Red Hat, Inc. This is licensed under the GNU General Public License, version 2
(GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.