On 07/19/2016 10:25 AM, Florence Blanc-Renaud wrote:
On 07/15/2016 02:09 PM, Stanislav Laznicka wrote:
https://fedorahosted.org/freeipa/ticket/6013
Hi Stanislav,
thanks for your patch. As CERTFILE is added in the arguments for
install, I would suggest to mention it in the command description. For
instance:
install
- Install a CA certificate
This command can be used to install the certificate contained in
CERTFILE as a new CA certificate to IPA.
Flo.
Hi,
Thanks for the notice, I agree that it'd be better to be more verbose
about the CERTFILE argument. Please see the modified patch.
From 6cfe281647a489909085875b3011486ca276f044 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slazn...@redhat.com>
Date: Fri, 15 Jul 2016 14:04:59 +0200
Subject: [PATCH] Improvements for the ipa-cacert-manage man and help
The man page for ipa-cacert-manage didn't mention that some
options are only applicable to the install some to the renew
subcommand.
Also fixed a few missing articles.
https://fedorahosted.org/freeipa/ticket/6013
---
install/tools/man/ipa-cacert-manage.1 | 38 ++++++++++++++++++++++------------
ipaserver/install/ipa_cacert_manage.py | 2 +-
2 files changed, 26 insertions(+), 14 deletions(-)
diff --git a/install/tools/man/ipa-cacert-manage.1 b/install/tools/man/ipa-cacert-manage.1
index 1f37788336048e412eee71757f236c9944860514..f0a1033ab372c2f923a883b385c0e3304b98f56f 100644
--- a/install/tools/man/ipa-cacert-manage.1
+++ b/install/tools/man/ipa-cacert-manage.1
@@ -20,7 +20,9 @@
.SH "NAME"
ipa\-cacert\-manage \- Manage CA certificates in IPA
.SH "SYNOPSIS"
-\fBipa\-cacert\-manage\fR [\fIOPTIONS\fR...] \fICOMMAND\fR
+\fBipa\-cacert\-manage\fR [\fIOPTIONS\fR...] renew
+.RE
+\fBipa\-cacert\-manage\fR [\fIOPTIONS\fR...] install \fICERTFILE\fR
.SH "DESCRIPTION"
\fBipa\-cacert\-manage\fR can be used to manage CA certificates in IPA.
.SH "COMMANDS"
@@ -29,7 +31,7 @@ ipa\-cacert\-manage \- Manage CA certificates in IPA
\- Renew the IPA CA certificate
.sp
.RS
-This command can be used to manually renew CA certificate of the IPA CA.
+This command can be used to manually renew the CA certificate of the IPA CA.
.sp
When the IPA CA is the root CA (the default), it is not usually necessary to manually renew the CA certificate, as it will be renewed automatically when it is about to expire, but you can do so if you wish.
.sp
@@ -42,13 +44,30 @@ When the IPA CA is not configured, this command is not available.
\- Install a CA certificate
.sp
.RS
-This command can be used to install new CA certificate to IPA.
+This command can be used to install the certificate contained in \fICERTFILE\fR as a new CA certificate to IPA.
.RE
-.SH "OPTIONS"
+.SH "COMMON OPTIONS"
+.TP
+\fB\-\-version\fR
+Show the program's version and exit.
+.TP
+\fB\-h\fR, \fB\-\-help\fR
+Show the help for this program.
.TP
\fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR
The Directory Manager password to use for authentication.
.TP
+\fB\-v\fR, \fB\-\-verbose\fR
+Print debugging information.
+.TP
+\fB\-q\fR, \fB\-\-quiet\fR
+Output only errors.
+.TP
+\fB\-\-log\-file\fR=\fIFILE\fR
+Log to the given file.
+.RE
+.SH "RENEW OPTIONS"
+.TP
\fB\-\-self\-signed\fR
Sign the renewed certificate by itself.
.TP
@@ -57,6 +76,8 @@ Sign the renewed certificate by external CA.
.TP
\fB\-\-external\-cert\-file\fR=\fIFILE\fR
File containing the IPA CA certificate and the external CA certificate chain. The file is accepted in PEM and DER certificate and PKCS#7 certificate chain formats. This option may be used multiple times.
+.RE
+.SH "INSTALL OPTIONS"
.TP
\fB\-n\fR \fINICKNAME\fR, \fB\-\-nickname\fR=\fINICKNAME\fR
Nickname for the certificate.
@@ -73,15 +94,6 @@ T \- CA trusted to issue client certificates
.IP
p \- not trusted
.RE
-.TP
-\fB\-v\fR, \fB\-\-verbose\fR
-Print debugging information.
-.TP
-\fB\-q\fR, \fB\-\-quiet\fR
-Output only errors.
-.TP
-\fB\-\-log\-file\fR=\fIFILE\fR
-Log to the given file.
.SH "EXIT STATUS"
0 if the command was successful
diff --git a/ipaserver/install/ipa_cacert_manage.py b/ipaserver/install/ipa_cacert_manage.py
index de13ad39397ae5e9b924b0621521e5fc6016c8e6..32ef25c7aac3e57d27955b6a2608adb6a1626019 100644
--- a/ipaserver/install/ipa_cacert_manage.py
+++ b/ipaserver/install/ipa_cacert_manage.py
@@ -35,7 +35,7 @@ from ipaserver.install import certs, cainstance, installutils
class CACertManage(admintool.AdminTool):
command_name = 'ipa-cacert-manage'
- usage = "%prog {renew|install} [options]"
+ usage = "%prog renew [options]\n%prog install [options] CERTFILE"
description = "Manage CA certificates."
--
2.7.4
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
