.nh .TH pki-client 1 "May 5, 2014" PKI "PKI NSS Database Management Commands" .SH NAME .PP pki-client - Command-line interface for managing the NSS database on PKI client. .SH SYNOPSIS .PP \fBpki\fP [\fICLI-options\fP] \fBclient\fP .br \fBpki\fP [\fICLI-options\fP] \fBclient-init\fP [\fIcommand-options\fP] .br \fBpki\fP [\fICLI-options\fP] \fBclient-cert-find\fP [\fIcommand-options\fP] .br \fBpki\fP [\fICLI-options\fP] \fBclient-cert-request\fP [\fIsubject-DN\fP] [\fIcommand-options\fP] .br \fBpki\fP [\fICLI-options\fP] \fBclient-cert-import\fP [\fInickname\fP] [\fIcommand-options\fP] .br \fBpki\fP [\fICLI-options\fP] \fBclient-cert-mod\fP \fInickname\fP [\fIcommand-options\fP] .br \fBpki\fP [\fICLI-options\fP] \fBclient-cert-show\fP \fInickname\fP [\fIcommand-options\fP] .br \fBpki\fP [\fICLI-options\fP] \fBclient-cert-del\fP \fInickname\fP [\fIcommand-options\fP] .SH DESCRIPTION .PP The \fBpki-client\fP commands provide command-line interfaces to manage the NSS database on the client's machine. .PP \fBpki\fP [\fICLI-options\fP] \fBclient\fP .br This command is to list available client commands. .PP \fBpki\fP [\fICLI-options\fP] \fBclient-init\fP [\fIcommand-options\fP] .br This command is to create a new NSS database for the client. .PP \fBpki\fP [\fICLI-options\fP] \fBclient-cert-find\fP [\fIcommand-options\fP] .br This command is to list certificates in the NSS database. .PP \fBpki\fP [\fICLI-options\fP] \fBclient-cert-request\fP [\fIsubject-DN\fP] [\fIcommand-options\fP] .br This command is to generate and submit a certificate request. .PP \fBpki\fP [\fICLI-options\fP] \fBclient-cert-import\fP [\fInickname\fP] [\fIcommand-options\fP] .br This command is to import a certificate into the NSS database. .PP \fBpki\fP [\fICLI-options\fP] \fBclient-cert-mod\fP \fInickname\fP [\fIcommand-options\fP] .br This command is to modify a certificate in the NSS database. .PP \fBpki\fP [\fICLI-options\fP] \fBclient-cert-show\fP \fInickname\fP [\fIcommand-options\fP] .br This command is to view a certificate in the NSS database. .PP \fBpki\fP [\fICLI-options\fP] \fBclient-cert-del\fP \fInickname\fP [\fIcommand-options\fP] .br This command is to delete a certificate from the NSS database. .SH OPTIONS .PP The CLI options are described in \fBpki(1)\fP\&. .SH OPERATIONS .PP To view available client commands, type \fBpki client\fP\&. To view each command's usage, type \fBpki client-<command> --help\fP\&. .PP To create a new database execute the following command: .PP .RS .nf $ pki -d -c client-init .fi .RE .PP To list certificates in the NSS database: .PP .RS .nf $ pki -d -c client-cert-find .fi .RE .PP To request a certificate: .PP .RS .nf $ pki -d -c client-cert-request [subject DN] .fi .RE .PP The subject DN requirement depends on the certificate profile being requested. Some profiles may require the user to provide a subject DN in a certain format. Some other profiles may generate their own subject DN. .PP Certain profiles may also require additional authentication. To authenticate, a username and a password can be specified using the \fB--username\fP and \fB--password\fP options, respectively. If the subject DN is not specififed the CLI may use the username to generate a default subject DN "UID=\fIusername\fP". .PP To import a certificate from a file into the NSS database: .PP .RS .nf $ pki -d -c client-cert-import [*nickname*] \\ --cert .fi .RE .PP To import a CA certificate from a file into the NSS database: .PP .RS .nf $ pki -d -c client-cert-import \\ --ca-cert .fi .RE .PP To import certificates and private keys from a PKCS #12 file into the NSS database: .PP .RS .nf $ pki -d -c client-cert-import \\ --pkcs12 --pkcs12-password .fi .RE .PP To import a certificate from CA server into the NSS database: .PP .RS .nf $ pki -d -c client-cert-import \\ --serial .fi .RE .PP To import a CA certificate from CA server into the NSS database: .PP .RS .nf $ pki -d -c client-cert-import \\ --ca-server .fi .RE .PP To modify a certificate's trust flags in the NSS database: .PP .RS .nf $ pki -d -c client-cert-mod \\ --trust .fi .RE .PP To display a certificate in the NSS database: .PP .RS .nf $ pki -d -c client-cert-show .fi .RE .PP To export a certificate from the NSS database into a PEM file: .PP .RS .nf $ pki -d -c client-cert-show \\ --cert .fi .RE .PP To export a certificate chain with the private key from the NSS database into a PKCS #12 file: .PP .RS .nf $ pki -d -c client-cert-show \\ --pkcs12 --pkcs12-password .fi .RE .PP To export a certificate chain with the private key with a password file: .PP .RS .nf $ pki -d -c client-cert-show \\ --pkcs12 --pkcs12-password-file .fi .RE .PP To export a client certificate with the private key from the NSS database into a PEM file: .PP .RS .nf $ pki -d -c client-cert-show \\ --client-cert .fi .RE .PP To delete a certificate from the NSS database: .PP .RS .nf $ pki -d -c client-cert-del .fi .RE .SH AUTHORS .PP Ade Lee <alee@redhat.com>, Endi Dewata <edewata@redhat.com>, and Matthew Harmsen <mharmsen@redhat.com>\&. .SH COPYRIGHT .PP Copyright (c) 2014 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.