mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-25 08:21:05 -06:00
certprofile: add profile format explanation
Part of: https://fedorahosted.org/freeipa/ticket/5089 Reviewed-By: Tomas Babej <tbabej@redhat.com>
This commit is contained in:
parent
5435a8a32a
commit
f6b32d8eea
@ -47,9 +47,29 @@ EXAMPLES:
|
|||||||
Show information about a profile:
|
Show information about a profile:
|
||||||
ipa certprofile-show ShortLivedUserCert
|
ipa certprofile-show ShortLivedUserCert
|
||||||
|
|
||||||
|
Save profile configuration to a file:
|
||||||
|
ipa certprofile-show caIPAserviceCert --out caIPAserviceCert.cfg
|
||||||
|
|
||||||
Search for profiles that do not store certificates:
|
Search for profiles that do not store certificates:
|
||||||
ipa certprofile-find --store=false
|
ipa certprofile-find --store=false
|
||||||
|
|
||||||
|
PROFILE CONFIGURATION FORMAT:
|
||||||
|
|
||||||
|
The profile configuration format is the raw property-list format
|
||||||
|
used by Dogtag Certificate System. The XML format is not supported.
|
||||||
|
|
||||||
|
The following restrictions apply to profiles managed by FreeIPA:
|
||||||
|
|
||||||
|
- When importing a profile the "profileId" field, if present, must
|
||||||
|
match the ID given on the command line.
|
||||||
|
|
||||||
|
- The "classId" field must be set to "caEnrollImpl"
|
||||||
|
|
||||||
|
- The "auth.instance_id" field must be set to "raCertAuth"
|
||||||
|
|
||||||
|
- The "certReqInputImpl" input class and "certOutputImpl" output
|
||||||
|
class must be used.
|
||||||
|
|
||||||
""")
|
""")
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user