Bug 1356091
Summary: | ipa-cacert-manage --help and man differ | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Petr Vobornik <pvoborni> |
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
Status: | CLOSED ERRATA | QA Contact: | Kaleem <ksiddiqu> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.3 | CC: | mbasti, pvoborni, rcritten, xdong |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-4.4.0-6.el7 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-11-04 05:57:49 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Petr Vobornik
2016-07-13 11:51:21 UTC
Fixed upstream master: https://fedorahosted.org/freeipa/changeset/bf6adfe69d2dc1e6cc76d17023f4049e49cfd8ae Verified on ipa-server-4.4.0-9.el7: [root@auto-hv-01-guest02 ~]# ipa-cacert-manage --help Usage: ipa-cacert-manage renew [options] ipa-cacert-manage install [options] CERTFILE Manage CA certificates. Options: --version show program's version number and exit -h, --help show this help message and exit -p PASSWORD, --password=PASSWORD Directory Manager password Logging and output options: -v, --verbose print debugging information -q, --quiet output only errors --log-file=FILE log to the given file Renew options: --self-signed Sign the renewed certificate by itself --external-ca Sign the renewed certificate by external CA --external-cert-file=FILE File containing the IPA CA certificate and the external CA certificate chain Install options: -n NICKNAME, --nickname=NICKNAME Nickname for the certificate -t TRUST_FLAGS, --trust-flags=TRUST_FLAGS Trust flags for the certificate in certutil format [root@auto-hv-01-guest02 ~]# man ipa-cacert-manage > /tmp/ipa-cacert-manage.out [root@auto-hv-01-guest02 ~]# cat /tmp/ipa-cacert-manage.out ipa-cacert-manage(1) IPA Manual Pages ipa-cacert-manage(1) NAME ipa-cacert-manage - Manage CA certificates in IPA SYNOPSIS ipa-cacert-manage [OPTIONS...] renew ipa-cacert-manage [OPTIONS...] install CERTFILE DESCRIPTION ipa-cacert-manage can be used to manage CA certificates in IPA. COMMANDS renew - Renew the IPA CA certificate This command can be used to manually renew the CA certificate of the IPA CA. When the IPA CA is the root CA (the default), it is not usually necessary to manually renew the CA certificate, as it will be renewed automatically when it is about to expire, but you can do so if you wish. When the IPA CA is subordinate of an external CA, the renewal process involves submitting a CSR to the external CA and installing the newly issued certificate in IPA, which cannot be done automatically. It is necessary to manually renew the CA certificate in this setup. When the IPA CA is not configured, this command is not available. install - Install a CA certificate This command can be used to install the certificate contained in CERTFILE as a new CA certificate to IPA. COMMON OPTIONS --version Show the program's version and exit. -h, --help Show the help for this program. -p DM_PASSWORD, --password=DM_PASSWORD The Directory Manager password to use for authentication. -v, --verbose Print debugging information. -q, --quiet Output only errors. --log-file=FILE Log to the given file. RENEW OPTIONS --self-signed Sign the renewed certificate by itself. --external-ca Sign the renewed certificate by external CA. --external-cert-file=FILE File containing the IPA CA certificate and the external CA certificate chain. The file is accepted in PEM and DER certificate and PKCS#7 certificate chain formats. This option may be used multiple times. INSTALL OPTIONS -n NICKNAME, --nickname=NICKNAME Nickname for the certificate. -t TRUST_FLAGS, --trust-flags=TRUST_FLAGS Trust flags for the certificate in certutil format. Trust flags are of the form "X,Y,Z" where X is for SSL, Y is for S/MIME, and Z is for code signing. Use ",," for no explicit trust. The supported trust flags are: C - CA trusted to issue server certificates T - CA trusted to issue client certificates p - not trusted EXIT STATUS 0 if the command was successful 1 if an error occurred IPA Aug 12 2013 ipa-cacert-manage(1) A minor issue should be fixed. In man page: . . . SYNOPSIS ipa-cacert-manage [OPTIONS...] renew ipa-cacert-manage [OPTIONS...] install CERTFILE should change to : . . . SYNOPSIS ipa-cacert-manage [OPTIONS...] renew ipa-cacert-manage [OPTIONS...] install CERTFILE Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2404.html |