certprofile: add profile format explanation

Part of: https://fedorahosted.org/freeipa/ticket/5089

Reviewed-By: Tomas Babej <tbabej@redhat.com>
This commit is contained in:
Fraser Tweedale 2015-07-23 23:07:10 -04:00 committed by Tomas Babej
parent 5435a8a32a
commit f6b32d8eea

View File

@ -47,9 +47,29 @@ EXAMPLES:
Show information about a profile: Show information about a profile:
ipa certprofile-show ShortLivedUserCert ipa certprofile-show ShortLivedUserCert
Save profile configuration to a file:
ipa certprofile-show caIPAserviceCert --out caIPAserviceCert.cfg
Search for profiles that do not store certificates: Search for profiles that do not store certificates:
ipa certprofile-find --store=false ipa certprofile-find --store=false
PROFILE CONFIGURATION FORMAT:
The profile configuration format is the raw property-list format
used by Dogtag Certificate System. The XML format is not supported.
The following restrictions apply to profiles managed by FreeIPA:
- When importing a profile the "profileId" field, if present, must
match the ID given on the command line.
- The "classId" field must be set to "caEnrollImpl"
- The "auth.instance_id" field must be set to "raCertAuth"
- The "certReqInputImpl" input class and "certOutputImpl" output
class must be used.
""") """)