xenial (1) pki-client.1.gz

Provided by: pki-tools_10.2.6+git20160317-1_amd64 bug

NAME

       pki-client - Command-Line Interface for managing the security database on Certificate System client.

SYNOPSIS

       pki [CLI options] client
       pki [CLI options] client-init [command options]
       pki [CLI options] client-cert-find [command options]
       pki [CLI options] client-cert-request [subject DN] [command options]
       pki [CLI options] client-cert-import [nickname] [command options]
       pki [CLI options] client-cert-mod <nickname> [command options]
       pki [CLI options] client-cert-show <nickname> [command options]
       pki [CLI options] client-cert-del <nickname> [command options]

DESCRIPTION

       The  pki-client  commands provide command-line interfaces to manage the security database on the client's
       machine.

       pki [CLI options] client
           This command is to list available client commands.

       pki [CLI options] client-init [command options]
           This command is to create a new security database for the client.

       pki [CLI options] client-cert-find [command options]
           This command is to list certificates in the client security database.

       pki [CLI options] client-cert-request [subject DN] [command options]
           This command is to generate and submit a certificate request.

       pki [CLI options] client-cert-import [nickname] [command options]
           This command is to import a certificate into the client security database.

       pki [CLI options] client-cert-mod <nickname> [command options]
           This command is to modify a certificate in the client security database.

       pki [CLI options] client-cert-show <nickname> [command options]
           This command is to view a certificate in the client security database.

       pki [CLI options] client-cert-del <nickname> [command options]
           This command is to delete a certificate from the client security database.

OPTIONS

       The CLI options are described in pki(1).

OPERATIONS

       To  view  available  client  commands,  type  pki  client.  To  view  each  command's  usage,  type   pki
       client-<command> --help.

       To create a new database execute the following command:

       pki -d <security database location> -c <security database password> client-init

       To list certificates in the security database:

       pki -d <security database location> -c <security database password> client-cert-find

       To request a certificate:

       pki -d <security database location> -c <security database password> client-cert-request [subject DN]

       The subject DN requirement depends on the certificate profile being requested.  Some profiles may require
       the user to provide a subject DN in a certain format. Some other profiles may generate their own  subject
       DN.

       Certain  profiles  may also require additional authentication. To authenticate, a username and a password
       can be specified using the --username and --password options, respectively. If  the  subject  DN  is  not
       specififed the CLI may use the username to generate a default subject DN "UID=<username>".

       To import a certificate from a file into the security database:

       pki  -d <security database location> -c <security database password> client-cert-import <nickname> --cert
       <path>

       To import a CA certificate from a file into the security database:

       pki -d <security database location> -c <security database password> client-cert-import  <nickname>  --ca-
       cert <path>

       To import certificates and private keys from a PKCS #12 file into the security database:

       pki  -d  <security  database location> -c <security database password> client-cert-import --pkcs12 <path>
       --pkcs12-password <password>

       To import a certificate from CA server into the security database:

       pki -d <security  database  location>  -c  <security  database  password>  client-cert-import  <nickname>
       --serial <serial number>

       To import a CA certificate from CA server into the security database:

       pki  -d  <security database location> -c <security database password> client-cert-import <nickname> --ca-
       server

       To modify a certificate's trust attributes in the security database:

       pki -d <security database location> -c <security database password>  client-cert-mod  <nickname>  --trust
       <trust attributes>

       To display a certificate in the security database:

       pki -d <security database location> -c <security database password> client-cert-show <nickname>

       To export a certificate from the security database into a PEM file:

       pki  -d  <security  database location> -c <security database password> client-cert-show <nickname> --cert
       <path>

       To export a certificate chain with the private key from the security database into a PKCS #12 file:

       pki -d <security database location> -c <security database password> client-cert-show <nickname>  --pkcs12
       <path> --pkcs12-password <password>

       To export a certificate chain with the private key with a password file:

       pki  -d <security database location> -c <security database password> client-cert-show <nickname> --pkcs12
       <path> --pkcs12-password-file <path>

       To export a client certificate with the private key from the security database into a PEM file:

       pki -d <security database location> -c <security database password> client-cert-show <nickname> --client-
       cert <path>

       To delete a certificate from the security database:

       pki -d <security database location> -c <security database password> client-cert-del <nickname>

AUTHORS

       Ade Lee <alee@redhat.com>, Endi Dewata <edewata@redhat.com>, and Matthew Harmsen <mharmsen@redhat.com>.

       Copyright  (c)  2014  Red  Hat,  Inc.  This  is  licensed under the GNU General Public License, version 2
       (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.