EnglishFrenchSpanish

OnWorks favicon

pki-cert - Online in the Cloud

Run pki-cert in OnWorks free hosting provider over Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

This is the command pki-cert that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

PROGRAM:

NAME


pki-cert - Command-Line Interface for managing certificates on the Certificate System
server.

SYNOPSIS


pki [CLI options] <subsystem>-cert
pki [CLI options] <subsystem>-cert-find [command options]
pki [CLI options] <subsystem>-cert-show <certificate ID> [command options]
pki [CLI options] <subsystem>-cert-revoke <certificate ID> [command options]
pki [CLI options] <subsystem>-cert-hold <certificate ID> [command options]
pki [CLI options] <subsystem>-cert-release-hold <certificate ID> [command options]
pki [CLI options] <subsystem>-cert-request-profile-find [command options]
pki [CLI options] <subsystem>-cert-request-profile-show <profile ID> [command options]
pki [CLI options] <subsystem>-cert-request-submit [command options]
pki [CLI options] <subsystem>-cert-request-review <request ID> [command options]

DESCRIPTION


The pki-cert commands provide command-line interfaces to manage certificates on the
specified subsystem.

Valid subsystems are ca and tps. If the <subsystem>- prefix is omitted, it will default to
ca.

pki [CLI options] <subsystem>-cert
This command is to list available certificate commands for the subsystem. Different
subsystems may have different certificate commands.

pki [CLI options] <subsystem>-cert-find [command options]
This command is to list certificates in the subsystem.

pki [CLI options] <subsystem>-cert-show <certificate ID> [command options]
This command is to view a certificate details in the subsystem.

pki [CLI options] <subsystem>-cert-revoke <certificate ID>
This command is to revoke a certificate.

pki [CLI options] <subsystem>-cert-hold <certificate ID>
This command is to place a certificate on hold temporarily.

pki [CLI options] <subsystem>-cert-release-hold <certificate ID>
This command is to release a certificate that has been placed on hold.

pki [CLI options] <subsystem>-cert-request-profile-find [command options]
This command is to list available certificate request templates.

pki [CLI options] <subsystem>-cert-request-profile-show <profile ID> [command options]
This command is to view a certificate request template.

pki [CLI options] <subsystem>-cert-request-submit [command options]
This command is to submit a certificate request.

pki [CLI options] <subsystem>-cert-request-review <request ID> [command options]
This command is to review a certificate request.

OPTIONS


The CLI options are described in pki(1).

OPERATIONS


To view available certificate commands, type pki <subsystem>-cert. To view each command's
usage, type pki <subsystem>-cert-<command> --help.

Viewing Certificates
Certificates can be viewed anonymously.

To list all certificates in the CA:

pki ca-cert-find

It is also possible to search for and list specific certificates by adding a search
filter. Use pki ca-cert-find --help to see options. For example, to search based on
issuance date:

pki ca-cert-find --issuedOnFrom 2012-06-15

To list certificates with search constraints defined in a file:

pki ca-cert-find --input <filename>

where the file is in the following format:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<CertSearchRequest>

<serialNumberRangeInUse>true</serialNumberRangeInUse>
<serialFrom></serialFrom>
<serialTo></serialTo>

<subjectInUse>false</subjectInUse>
<eMail></eMail>
<commonName></commonName>
<userID></userID>
<orgUnit></orgUnit>
<org></org>
<locality></locality>
<state></state>
<country></country>

<matchExactly>false</matchExactly>

<status></status>

<revokedByInUse>false</revokedByInUse>
<revokedBy></revokedBy>

<revokedOnFrom>false</revokedOnFrom>
<revokedOnTo></revokedOnTo>

<revocationReasonInUse>false</revocationReasonInUse>
<revocationReason></revocationReason>

<issuedByInUse>false</issuedByInUse>
<issuedBy></issuedBy>

<issuedOnInUse>false</issuedOnInUse>
<issuedOnFrom></issuedOnFrom>
<issuedOnTo></issuedOnTo>

<validNotBeforeInUse>false</validNotBeforeInUse>
<validNotBeforeFrom></validNotBeforeFrom>
<validNotBeforeTo></validNotBeforeTo>

<validNotAfterInUse>false</validNotAfterInUse>
<validNotAfterFrom></validNotAfterFrom>
<validNotAfterTo></validNotAfterTo>

<validityLengthInUse>false</validityLengthInUse>
<validityOperation></validityOperation>
<validityCount></validityCount>
<validityUnit></validityUnit>

<certTypeInUse>false</certTypeInUse>
<certTypeSubEmailCA></certTypeSubEmailCA>
<certTypeSubSSLCA></certTypeSubSSLCA>
<certTypeSecureEmail></certTypeSecureEmail>

</CertSearchRequest>

To view a particular certificate:

pki ca-cert-show <certificate ID>

Revoking Certificates
Revoking, holding, or releasing a certificate must be executed as an agent user. To
revoke a certificate:

pki <agent authentication> ca-cert-revoke <certificate ID>

To place a certificate on hold temporarily:

pki <agent authentication> ca-cert-hold <certificate ID>

To release a certificate that has been placed on hold:

pki <agent authentication> ca-cert-release-hold <certificate ID>

Certificate Requests
To request a certificate, first generate a certificate signing request (CSR), then submit
it with a certificate profile. The list of available profiles can be viewed using the
following command:

pki ca-cert-request-profile-find

To generate a CSR, use the certutil, PKCS10Client, or CRMFPopClient, and store it into a
file.

Basic requests can be submitted using the following command:

pki ca-cert-request-submit --profile <profile ID> --request-type <type> --csr-file <CSR
file> --subject <subject DN>

To submit more advanced requests, download a template of the request file for a particular
profile using the following command:

pki ca-cert-request-profile-show <profile ID> --output <request file>

Then, edit the request file, fill in the input attributes required by the profile, and
submit the request using the following command:

pki ca-cert-request-submit <request file>

Depending on the profile, an agent may need to review the request by running the following
command:

pki <agent authentication> ca-cert-request-review <request ID> --file <file to store the
certificate request>

The --file <filename> and --action <action> options are mutually exclusive (i. e. - only
one or the other may be specified during command invocation).

If the --file <filename> option is specified, the certificate request, as well as the
defaults and constraints of the enrollment profile, will be retrieved and stored in the
output file provided by the --file option. The agent can examine the file and override
any values if necessary. To process the request, enter the appropriate action when
prompted:

Action (approve/reject/cancel/update/validate/assign/unassign):

The request in the file will be read in, and the specified action will be applied against
it.

Alternatively, when no changes to the request are necessary, the agent can process the
request in a single step using the --action <action> option with the following command:

pki <agent authentication> ca-cert-request-review <request ID> --action <action>

AUTHORS


Ade Lee <[email protected]>, Endi Dewata <[email protected]>, and Matthew Harmsen
<[email protected]>.

COPYRIGHT


Copyright (c) 2014 Red Hat, Inc. This is licensed under the GNU General Public License,
version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-
licenses/gpl-2.0.txt.

Use pki-cert online using onworks.net services


Free Servers & Workstations

Download Windows & Linux apps

  • 1
    subconverter
    subconverter
    Utility to convert between various
    subscription format. Shadowrocket users
    should use ss, ssr or v2ray as target.
    You can add &remark= to
    Telegram-liked HT...
    Download subconverter
  • 2
    SWASH
    SWASH
    SWASH is a general-purpose numerical
    tool for simulating unsteady,
    non-hydrostatic, free-surface,
    rotational flow and transport phenomena
    in coastal waters as ...
    Download SWASH
  • 3
    VBA-M (Archived - Now on Github)
    VBA-M (Archived - Now on Github)
    Project has moved to
    https://github.com/visualboyadvance-m/visualboyadvance-m
    Features:Cheat creationsave statesmulti
    system, supports gba, gbc, gb, sgb,
    sgb2Tu...
    Download VBA-M (Archived - Now on Github)
  • 4
    Stacer
    Stacer
    Linux System Optimizer and Monitoring
    Github Repository:
    https://github.com/oguzhaninan/Stacer.
    Audience: End Users/Desktop. User
    interface: Qt. Programming La...
    Download Stacer
  • 5
    OrangeFox
    OrangeFox
    Fork of TeamWinRecoveryProject(TWRP)
    with many additional functions, redesign
    and more Features:Supports Treble and
    non-Treble ROMsUp-to-date Oreo kernel,
    built...
    Download OrangeFox
  • 6
    itop - ITSM  CMDB OpenSource
    itop - ITSM CMDB OpenSource
    IT Operations Portal: a complete open
    source, ITIL, web based service
    management tool including a fully
    customizable CMDB, a helpdesk system and
    a document man...
    Download itop - ITSM CMDB OpenSource
  • More »

Linux commands

Ad