pki-client man page

pki-client — Command-line interface for managing the security database on a Certificate System client.

Synopsis

pki [CLI options] client
pki [CLI options] client-init [command options]
pki [CLI options] client-cert-find [command options]
pki [CLI options] client-cert-request [subject DN] [command options]
pki [CLI options] client-cert-import [nickname] [command options]
pki [CLI options] client-cert-mod <nickname> [command options]
pki [CLI options] client-cert-show <nickname> [command options]
pki [CLI options] client-cert-del <nickname> [command options]

Description

The pki-client commands provide command-line interfaces to manage the security database on the client's machine.

pki [CLI options] client

This command lists the available client commands.

pki [CLI options] client-init [command options]

This command creates a new security database for the client.

pki [CLI options] client-cert-find [command options]

This command lists the certificates in the client security database.

pki [CLI options] client-cert-request [subject DN] [command options]

This command generates and submits a certificate request.

pki [CLI options] client-cert-import [nickname] [command options]

This command imports a certificate into the client security database.

pki [CLI options] client-cert-mod <nickname> [command options]

This command modifies a certificate in the client security database.

pki [CLI options] client-cert-show <nickname> [command options]

This command displays a certificate in the client security database.

pki [CLI options] client-cert-del <nickname> [command options]

This command deletes a certificate from the client security database.

Options

The CLI options are described in pki(1).

Operations

To view available client commands, type pki client. To view each command's usage, type pki client-<command> --help.

To create a new database:

pki -d <security database location> -c <security database password> client-init

To list certificates in the security database:

pki -d <security database location> -c <security database password> client-cert-find

To request a certificate:

pki -d <security database location> -c <security database password> client-cert-request [subject DN]

The subject DN requirement depends on the certificate profile being requested. Some profiles may require the user to provide a subject DN in a certain format. Other profiles may generate their own subject DN.

Certain profiles may also require additional authentication. To authenticate, a username and a password can be specified using the --username and --password options, respectively. If the subject DN is not specified, the CLI may use the username to generate a default subject DN "UID=<username>".

To import a certificate from a file into the security database:

pki -d <security database location> -c <security database password> client-cert-import <nickname> --cert <path>

To import a CA certificate from a file into the security database:

pki -d <security database location> -c <security database password> client-cert-import <nickname> --ca-cert <path>

To import certificates and private keys from a PKCS #12 file into the security database:

pki -d <security database location> -c <security database password> client-cert-import --pkcs12 <path> --pkcs12-password <password>

To import a certificate from the CA server into the security database:

pki -d <security database location> -c <security database password> client-cert-import <nickname> --serial <serial number>

To import a CA certificate from the CA server into the security database:

pki -d <security database location> -c <security database password> client-cert-import <nickname> --ca-server

To modify a certificate's trust attributes in the security database:

pki -d <security database location> -c <security database password> client-cert-mod <nickname> --trust <trust attributes>

To display a certificate in the security database:

pki -d <security database location> -c <security database password> client-cert-show <nickname>

To export a certificate from the security database into a PEM file:

pki -d <security database location> -c <security database password> client-cert-show <nickname> --cert <path>

To export a certificate chain with the private key from the security database into a PKCS #12 file:

pki -d <security database location> -c <security database password> client-cert-show <nickname> --pkcs12 <path> --pkcs12-password <password>

To export a certificate chain with the private key, reading the PKCS #12 password from a file:

pki -d <security database location> -c <security database password> client-cert-show <nickname> --pkcs12 <path> --pkcs12-password-file <path>
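
An added example, not part of the original man page or the pki project: a POSIX shell wrapper around the password-file export above that keeps the PKCS #12 password out of the process argument list and removes the password file afterwards. The function names and the password-on-stdin convention are assumptions of this example; the database password is still passed with -c as the page shows, so it remains visible in the process list.

```shell
#!/bin/sh
# Added example (not from the pki project). Function names are hypothetical.
# Usage: printf '%s\n' "$P12_PASSWORD" | \
#            sh export-p12.sh <db dir> <db password> <nickname> <out.p12>

# Read one line (the PKCS #12 password) from stdin and store it in a new
# file that only the owner can read; print the file's path.
make_password_file() {
    (
        umask 077
        f=$(mktemp "${TMPDIR:-/tmp}/p12pw.XXXXXX") || exit 1
        IFS= read -r pw || [ -n "$pw" ] || { rm -f "$f"; exit 1; }
        # printf is a shell builtin, so the password never appears in argv.
        printf '%s' "$pw" > "$f"
        printf '%s\n' "$f"
    )
}

# Export the chain and private key for <nickname> into <out.p12>.
export_p12() {
    db=$1; dbpw=$2; nick=$3; out=$4
    pwfile=$(make_password_file) || return 1
    rc=0
    (
        umask 077    # the PKCS #12 file contains a private key
        pki -d "$db" -c "$dbpw" client-cert-show "$nick" \
            --pkcs12 "$out" --pkcs12-password-file "$pwfile"
    ) || rc=$?
    rm -f "$pwfile"  # remove the password file whether or not pki succeeded
    return "$rc"
}

# Run only when called with the four arguments described above.
if [ "$#" -eq 4 ]; then
    export_p12 "$@"
fi
```
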

To export a client certificate with the private key from the security database into a PEM file:

pki -d <security database location> -c <security database password> client-cert-show <nickname> --client-cert <path>

To delete a certificate from the security database:

pki -d <security database location> -c <security database password> client-cert-del <nickname>

Authors

Ade Lee <alee@redhat.com>, Endi Dewata <edewata@redhat.com>, and Matthew Harmsen <mharmsen@redhat.com>.

Referenced By

pki(1).

May 5, 2014 version 10.2 PKI Client Security Database Management Commands