table of contents
pki-server-instance(8) | PKI Instance Management Commands | pki-server-instance(8) |
NAME¶
pki-server-instance - Command-line interface for managing PKI server instances.
SYNOPSIS¶
pki-server [CLI-options] instance
pki-server [CLI-options] instance-cert
pki-server [CLI-options] instance-cert-export
pki-server [CLI-options] instance-find
pki-server [CLI-options] instance-show instance-ID
pki-server [CLI-options] instance-start
instance-ID
pki-server [CLI-options] instance-stop instance-ID
pki-server [CLI-options] instance-migrate --tomcat
version instance-ID
pki-server [CLI-options] instance-nuxwdog-enable
instance-ID
pki-server [CLI-options] instance-nuxwdog-disable
instance-ID
pki-server [CLI-options] instance-externalcert-add
-i instance-ID --cert-file path
--trust-args args --nickname nickname
--token token
pki-server [CLI-options] instance-externalcert-del
-i instance-ID --nickname nickname
--token token
DESCRIPTION¶
The pki-server instance commands provide command-line interfaces to manage PKI server instances. A PKI server instance consists of a single Apache Tomcat instance that contains one or more subsystems.
Operations that are available include: listing and showing details about local instances; starting and stopping instances; performing instance migrations; and enabling or disabling password prompted instance startup using nuxwdog.
pki-server [CLI-options] instance
This command is to list available instance commands.
pki-server [CLI-options] instance-cert
This command is to list available instance certificate commands.
pki-server [CLI-options] instance-cert-export
This command is to export system certificates and keys to a PKCS #12 file.
The output filename and either a password or a password file are required.
If no nicknames are specified, all the system certificates will be exported.
Otherwise, it is possible to extract individual certificates (with or without
their keys and trust arguments),
and to append to an existing PKCS #12 file.
pki-server [CLI-options] instance-find
This command is to list local PKI server instances.
pki-server [CLI-options] instance-show
instance-ID
This command is to view a details about a particular instance.
pki-server [CLI-options] instance-start
instance-ID
This command is to start a PKI server instance.
Note that currently this command cannot be used to start
nuxwdog-enabled instances.
pki-server [CLI-options] instance-stop
instance-ID
This command is to stop a PKI server instance.
Note that currently this command cannot be used to stop
nuxwdog-enabled instances.
pki-server [CLI-options] instance-migrate
--tomcat version instance-ID
There are differences in configuration between Apache Tomcat 7 and Apache
Tomcat 8.
This command reconfigures a PKI server instance to match the specified Tomcat
version.
This command can be used to migrate initially created under Tomcat 7 when
Tomcat is upgraded.
See pki-server migrate(8) for further details.
pki-server [CLI-options]
instance-nuxwdog-enable instance-ID
This command is to convert a PKI server instance to start without access to a
password file,
using the nuxwdog daemon. See pki-server nuxwdog(8) for further
details.
pki-server [CLI-options]
instance-nuxwdog-disable instance-ID
This command is to convert a PKI server instance to start with access to a
password file,
rather than using the nuxwdog daemon. See pki-server nuxwdog(8)
for further details.
pki-server [CLI-options]
instance-externalcert-add -i instance-ID
--cert-file path --trust-args args
--nickname nickname --token token
This command is to add a certificate to the certificate database for a PKI
server instance.
The certificate will be kept track of in the configuration file
external_certs.conf,
and will automatically be exported when the system certificates are exported.
To update a certificate, the old one needs to be removed first using the
delete command below.
The trust arguments are those defined for NSS databases, e.g.
"CT,C,C".
See certutil(1) for more details.
pki-server [CLI-options]
instance-externalcert-del -i instance-ID
--nickname nickname --token token
This command is to remove a certificate from the certificate database for a
PKI server instance.
OPTIONS¶
The CLI options are described in pki-server(8).
OPERATIONS¶
To view available instance management commands, type pki-server instance. To view each command's usage, type pki-server instance-<command> --help.
AUTHORS¶
Ade Lee <alee@redhat.com>.
COPYRIGHT¶
Copyright (c) 2015 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
July 15, 2015 | PKI |