Title: #635: man ipa-cacert-manage install needs clarification
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/635/head:pr635
git checkout pr635
From d20d25c7f9f501d0aade12bce48bab941bbd8f01 Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <f...@redhat.com>
Date: Wed, 22 Mar 2017 08:49:39 +0100
Subject: [PATCH] man ipa-cacert-manage install needs clarification
The customers are often confused by ipa-cacert-manage install. The man page
should make it clear that IPA CA is not modified in any way by this command.
install/tools/man/ipa-cacert-manage.1 | 2 ++
1 file changed, 2 insertions(+)
diff --git a/install/tools/man/ipa-cacert-manage.1 b/install/tools/man/ipa-cacert-manage.1
index 4515d7c..128edd8 100644
@@ -46,6 +46,8 @@ When the IPA CA is not configured, this command is not available.
This command can be used to install the certificate contained in \fICERTFILE\fR as an additional CA certificate to IPA.
+Important: this does not replace IPA CA but adds the provided certificate as a known CA. This is useful for instance when using ipa-server-certinstall to replace HTTP/LDAP certificates with third-party certificates signed by this additional CA.
Please do not forget to run ipa-certupdate on the master, all the replicas and all the clients after this command in order to update IPA certificates databases.
.SH "COMMON OPTIONS"
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code