.nh .TH pki-ca-profile 1 "Sep 30, 2014" PKI "PKI CA Profile Management Commands" .SH NAME .PP pki-profile - Command-line interface for managing PKI CA profiles. .SH SYNOPSIS .PP \fBpki\fP [\fICLI-options\fP] \fBca-profile\fP .br \fBpki\fP [\fICLI-options\fP] \fBca-profile-find\fP [\fIcommand-options\fP] .br \fBpki\fP [\fICLI-options\fP] \fBca-profile-show\fP \fIprofile-ID\fP [\fIcommand-options\fP] .br \fBpki\fP [\fICLI-options\fP] \fBca-profile-add\fP \fIinput-file\fP [\fIcommand-options\fP] .br \fBpki\fP [\fICLI-options\fP] \fBca-profile-mod\fP \fIinput-file\fP [\fIcommand-options\fP] .br \fBpki\fP [\fICLI-options\fP] \fBca-profile-del\fP \fIprofile-ID\fP [\fIcommand-options\fP] .br \fBpki\fP [\fICLI-options\fP] \fBca-profile-enable\fP \fIprofile-ID\fP [\fIcommand-options\fP] .br \fBpki\fP [\fICLI-options\fP] \fBca-profile-disable\fP \fIprofile-ID\fP [\fIcommand-options\fP] .SH DESCRIPTION .PP The \fBpki ca-profile\fP commands provide command-line interfaces to manage profiles on the CA. .PP \fBpki\fP [\fICLI-options\fP] \fBca-profile-find\fP [\fIcommand-options\fP] .br This command is to list the profiles. .PP \fBpki\fP [\fICLI-options\fP] \fBca-profile-show\fP \fIprofile-ID\fP [\fIcommand-options\fP] .br This command is to view the details of a profile. .PP \fBpki\fP [\fICLI-options\fP] \fBca-profile-add\fP \fIinput-file\fP [\fIcommand-options\fP] .br This command is to create a new profile. .PP \fBpki\fP [\fICLI-options\fP] \fBca-profile-mod\fP \fIinput-file\fP [\fIcommand-options\fP] .br This command is to modify an existing profile. .PP \fBpki\fP [\fICLI-options\fP] \fBca-profile-del\fP \fIprofile-ID\fP [\fIcommand-options\fP] .br This command is to delete a profile. .PP \fBpki\fP [\fICLI-options\fP] \fBca-profile-enable\fP \fIprofile-ID\fP [\fIcommand-options\fP] .br This command is to enable a profile. .PP \fBpki\fP [\fICLI-options\fP] \fBca-profile-disable\fP \fIprofile-ID\fP [\fIcommand-options\fP] .br This command is to disable a profile. .SH OPTIONS .PP The CLI options are described in \fBpki(1)\fP\&. .SH OPERATIONS .PP To view available profile commands, type \fBpki ca-profile\fP\&. To view each command's usage, type \fBpki ca-profile-<command> --help\fP\&. .PP All the \fBpki ca-profile\fP commands require CA agent authentication. .SS Viewing the profiles .PP .RS .nf $ pki ca-profile-find .fi .RE .PP The results can be paged using the \fB--start\fP and \fB--size\fP options described in \fBpki(1)\fP\&. .PP To view the contents of a profile: .PP A set of profile inputs, profile outputs, authenticators, policies and constraints are defined in a profile. These contents can be viewed using the following command: .PP .RS .nf $ pki ca-profile-show .fi .RE .PP To store the output of the above operation, the output option must be specified. .PP .RS .nf $ pki ca-profile-show --output .fi .RE .PP This output file can be used for modifying the profile. It can be used as a template for certificate enrollment as well but, a more suitable template can be fetched using the \fBpki cert-request-profile-show\fP command. The \fBpki cert-request-profile-show\fP command does not require an agent/administrator level authentication and contains only the profile inputs section (which is required for certificate enrollment). .SS Add/Modify/Delete a profile .PP .RS .nf $ pki ca-profile-add .fi .RE .PP The contents of the input file must be in an XML format returned by the ca-profile-show command. This data will be marshaled by the CLI client to create a new profile in the CA. The profile must be disabled before it is modified. It must be enabled after modification to be used for certificate enrollment. .PP To modify an existing profile: .PP .RS .nf $ pki ca-profile-mod .fi .RE .PP The profile data can be retrieved using the ca-profile-show command and after editing the file, it can be provided to the profile-mod command to modify an existing profile. .PP To delete a profile in the CA: .PP .RS .nf $ pki ca-profile-del .fi .RE .SS Enabling/Disabling a profile in the CA .PP To enable a profile in the CA: .PP .RS .nf $ pki ca-profile-enable .fi .RE .PP A profile must be enabled before it can be used. .PP To disable a profile in the CA: .PP .RS .nf $ pki ca-profile-disable .fi .RE .PP A profile must be disabled before it can be modified. .PP \fBNote:\fP Modifying or deleting a profile requires user(s) that have two roles (admin and agent). The same user may be in both roles. An agent is needed to first disable the profile. Once the profile is disabled, it can be modified/deleted by an admin user. Then, an agent is needed to enable the profile for use by the CA. .SH SEE ALSO .PP \fBpki(1)\fP .SH AUTHORS .PP Abhishek Koneru <akoneru@redhat.com>\&. .SH COPYRIGHT .PP Copyright (c) 2014 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.