.nh .TH pki-server-instance 8 "July 15, 2015" PKI "PKI Instance Management Commands" .SH NAME .PP pki-server-instance - Command-line interface for managing PKI server instances. .SH SYNOPSIS .PP \fBpki-server\fP [\fICLI-options\fP] \fBinstance\fP .br \fBpki-server\fP [\fICLI-options\fP] \fBinstance-cert\fP .br \fBpki-server\fP [\fICLI-options\fP] \fBinstance-cert-export\fP .br \fBpki-server\fP [\fICLI-options\fP] \fBinstance-find\fP .br \fBpki-server\fP [\fICLI-options\fP] \fBinstance-show\fP \fIinstance-ID\fP .br \fBpki-server\fP [\fICLI-options\fP] \fBinstance-start\fP \fIinstance-ID\fP .br \fBpki-server\fP [\fICLI-options\fP] \fBinstance-stop\fP \fIinstance-ID\fP .br \fBpki-server\fP [\fICLI-options\fP] \fBinstance-migrate\fP \fB--tomcat\fP \fIversion\fP \fIinstance-ID\fP .br \fBpki-server\fP [\fICLI-options\fP] \fBinstance-nuxwdog-enable\fP \fIinstance-ID\fP .br \fBpki-server\fP [\fICLI-options\fP] \fBinstance-nuxwdog-disable\fP \fIinstance-ID\fP .br \fBpki-server\fP [\fICLI-options\fP] \fBinstance-externalcert-add\fP \fB-i\fP \fIinstance-ID\fP \fB--cert-file\fP \fIpath\fP \fB--trust-args\fP \fIargs\fP \fB--nickname\fP \fInickname\fP \fB--token\fP \fItoken\fP .br \fBpki-server\fP [\fICLI-options\fP] \fBinstance-externalcert-del\fP \fB-i\fP \fIinstance-ID\fP \fB--nickname\fP \fInickname\fP \fB--token\fP \fItoken\fP .SH DESCRIPTION .PP The \fBpki-server instance\fP commands provide command-line interfaces to manage PKI server instances. A PKI server instance consists of a single Apache Tomcat instance that contains one or more subsystems. .PP Operations that are available include: listing and showing details about local instances; starting and stopping instances; performing instance migrations; and enabling or disabling password prompted instance startup using \fBnuxwdog\fP\&. .PP \fBpki-server\fP [\fICLI-options\fP] \fBinstance\fP .br This command is to list available instance commands. .PP \fBpki-server\fP [\fICLI-options\fP] \fBinstance-cert\fP .br This command is to list available instance certificate commands. .PP \fBpki-server\fP [\fICLI-options\fP] \fBinstance-cert-export\fP .br This command is to export system certificates and keys to a PKCS #12 file. The output filename and either a password or a password file are required. If no nicknames are specified, all the system certificates will be exported. Otherwise, it is possible to extract individual certificates (with or without their keys and trust arguments), and to append to an existing PKCS #12 file. .PP \fBpki-server\fP [\fICLI-options\fP] \fBinstance-find\fP .br This command is to list local PKI server instances. .PP \fBpki-server\fP [\fICLI-options\fP] \fBinstance-show\fP \fIinstance-ID\fP .br This command is to view a details about a particular instance. .PP \fBpki-server\fP [\fICLI-options\fP] \fBinstance-start\fP \fIinstance-ID\fP .br This command is to start a PKI server instance. Note that currently this command cannot be used to start \fBnuxwdog\fP-enabled instances. .PP \fBpki-server\fP [\fICLI-options\fP] \fBinstance-stop\fP \fIinstance-ID\fP .br This command is to stop a PKI server instance. Note that currently this command cannot be used to stop \fBnuxwdog\fP-enabled instances. .PP \fBpki-server\fP [\fICLI-options\fP] \fBinstance-migrate\fP \fB--tomcat\fP \fIversion\fP \fIinstance-ID\fP .br There are differences in configuration between Apache Tomcat 7 and Apache Tomcat 8. This command reconfigures a PKI server instance to match the specified Tomcat version. This command can be used to migrate initially created under Tomcat 7 when Tomcat is upgraded. See \fBpki-server migrate(8)\fP for further details. .PP \fBpki-server\fP [\fICLI-options\fP] \fBinstance-nuxwdog-enable\fP \fIinstance-ID\fP .br This command is to convert a PKI server instance to start without access to a password file, using the \fBnuxwdog\fP daemon. See \fBpki-server nuxwdog(8)\fP for further details. .PP \fBpki-server\fP [\fICLI-options\fP] \fBinstance-nuxwdog-disable\fP \fIinstance-ID\fP .br This command is to convert a PKI server instance to start with access to a password file, rather than using the \fBnuxwdog\fP daemon. See \fBpki-server nuxwdog(8)\fP for further details. .PP \fBpki-server\fP [\fICLI-options\fP] \fBinstance-externalcert-add\fP \fB-i\fP \fIinstance-ID\fP \fB--cert-file\fP \fIpath\fP \fB--trust-args\fP \fIargs\fP \fB--nickname\fP \fInickname\fP \fB--token\fP \fItoken\fP .br This command is to add a certificate to the certificate database for a PKI server instance. The certificate will be kept track of in the configuration file \fBexternal_certs.conf\fP, and will automatically be exported when the system certificates are exported. To update a certificate, the old one needs to be removed first using the delete command below. The trust arguments are those defined for NSS databases, e.g. "CT,C,C". See \fBcertutil(1)\fP for more details. .PP \fBpki-server\fP [\fICLI-options\fP] \fBinstance-externalcert-del\fP \fB-i\fP \fIinstance-ID\fP \fB--nickname\fP \fInickname\fP \fB--token\fP \fItoken\fP .br This command is to remove a certificate from the certificate database for a PKI server instance. .SH OPTIONS .PP The CLI options are described in \fBpki-server(8)\fP\&. .SH OPERATIONS .PP To view available instance management commands, type \fBpki-server instance\fP\&. To view each command's usage, type \fBpki-server instance-<command> --help\fP\&. .SH AUTHORS .PP Ade Lee <alee@redhat.com>\&. .SH COPYRIGHT .PP Copyright (c) 2015 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.