Syntax - Red Hat CERTIFICATE SYSTEM 8 - COMMAND-LINE Manual
Command-line tools guide
Hide thumbs
Also See for CERTIFICATE SYSTEM 8 - COMMAND-LINE:
- Deployment manual (114 pages) ,
- Install manual (132 pages)
Table of Contents
Advertisement
Chapter 1. Create and Remove Instance Tools
The utility can be downloaded and saved to any location and is then executed locally.
1.2.1. Syntax
The pkisilent script can be used to configure a new subsystem instance. This tool has the following
syntax:
pkisilent Configuretype -cs_hostname hostname -cs_port admin_ssl_port -subsystem_name
name -client_certdb_dir certDBdir -client_certdb_pwd password -preop_pin preoppin [ -
domain_name new_domain_name | -sd_hostname domain_CA_hostname -sd_admin_port
admin_port -sd_agent_port agent_port -sd_ssl_port ee_ssl_port -sd_admin_name
username -sd_admin_password password ] -admin_user adminUID -admin_email admin@email
-admin_password password -agent_key_size keySize -agent_key_type keyType -
agent_cert_subject cert_subject_name -ldap_host hostname -ldap_port port -bind_dn
bindDN -bind_password password -base_dn install_base_DN -db_name dbName -key_size
keySize -key_type keyType -token_name HSM_name -token_pwd HSM_password -save_p12
true -backup_pwd password -backup_fname file [[ -ca_subsystem_cert_subject_name
cert_name -ca_ocsp_cert_subject_name cert_name -ca_server_cert_subject_name
cert_name -ca_sign_cert_subject_name cert_name -ca_audit_signing_cert_subject_name
cert_name ] | [ -ra_subsystem_cert_subject_name cert_name -ra_server_cert_subject_name
cert_name -ra_subsystem_cert_nickname nickname -ra_server_cert_nickname nickname ] | [ -
ocsp_subsystem_cert_subject_name cert_name -ocsp_sign_cert_subject_name cert_name -
ocsp_server_cert_subject_name cert_name -ocsp_audit_signing_cert_subject_name cert_name ]
| [ -drm_subsystem_cert_subject_name cert_name -drm_storage_cert_subject_name cert_name
-drm_transport_cert_subject_name cert_name -drm_server_cert_subject_name cert_name
-drm_audit_signing_cert_subject_name cert_name ] | [ -tks_subsystem_cert_subject_name
cert_name -tks_server_cert_subject_name cert_name -tks_audit_signing_cert_subject_name
cert_name ] | [ -tps_subsystem_cert_subject_name cert_name -tps_server_cert_subject_name
cert_name -tps_audit_signing_cert_subject_name cert_name -tps_subsystem_cert_nickname
nickname -tps_server_cert_nickname nickname ]] [[ -external false ] | [ -external
true -ext_csr_file output_cert_request_file -ext_cert_file input_cert_file -
ext_ca_cert_chain_file input_ca_cert_chain ]] [[ -ca_hostname hostname -ca_port
port -ca_ssl_port client_secure_port ] | [ -drm_hostname hostname -drm_ssl_port
secure_port ] | [ -tks_hostname hostname -tks_ssl_port secure_port ]] [ -ldap_auth_host
authentication_directory_hostname -ldap_auth_port authentication_directory_port
-ldap_auth_base_dn search_base ]
It is also possible to configure a clone CA instance using pkisilent. This requires additional
parameters to retrieve the master subsystem's keys.
NOTE
Only a clone CA can be configured using pkisilent. Clone DRMs, OCSPs, or TKSs
must be configured using the HTML-based configuration wizard.
pkisilent ... -clone true -clone_p12_file p12-file -clone_p12_password password
TIP
There are two template files that are shell scripts for silent configuration: /usr/
share/pki/silent/pki_silent.template and /usr/share/pki/silent/
4
Advertisement
Table of Contents
Need help?
Do you have a question about the CERTIFICATE SYSTEM 8 - COMMAND-LINE and is the answer not in the manual?
Questions and answers