From 056d185b4b2bfd7de423da7ff7a80f764c043810 Mon Sep 17 00:00:00 2001

From: Fraser Tweedale <ftweedal@redhat.com>

Date: Thu, 23 Jul 2015 23:07:10 -0400

Subject: [PATCH] certprofile: add profile format explanation

Part of: https://fedorahosted.org/freeipa/ticket/5089

Reviewed-By: Tomas Babej <tbabej@redhat.com>

---

 ipalib/plugins/certprofile.py | 20 ++++++++++++++++++++

 1 file changed, 20 insertions(+)

diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py

index 658fbca3b4eb851eb5a22190c443044f6ceb8491..1dd4f403ee4461b83c053eb36019a8896506bb81 100644

--- a/ipalib/plugins/certprofile.py

+++ b/ipalib/plugins/certprofile.py

@@ -47,9 +47,29 @@ EXAMPLES:

   Show information about a profile:

     ipa certprofile-show ShortLivedUserCert

+  Save profile configuration to a file:

+    ipa certprofile-show caIPAserviceCert --out caIPAserviceCert.cfg

+

   Search for profiles that do not store certificates:

     ipa certprofile-find --store=false

+PROFILE CONFIGURATION FORMAT:

+

+The profile configuration format is the raw property-list format

+used by Dogtag Certificate System.  The XML format is not supported.

+

+The following restrictions apply to profiles managed by FreeIPA:

+

+- When importing a profile the "profileId" field, if present, must

+  match the ID given on the command line.

+

+- The "classId" field must be set to "caEnrollImpl"

+

+- The "auth.instance_id" field must be set to "raCertAuth"

+

+- The "certReqInputImpl" input class and "certOutputImpl" output

+  class must be used.

+

 """)

-- 

2.4.3