From 056d185b4b2bfd7de423da7ff7a80f764c043810 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Thu, 23 Jul 2015 23:07:10 -0400
Subject: [PATCH] certprofile: add profile format explanation

Part of: https://fedorahosted.org/freeipa/ticket/5089

Reviewed-By: Tomas Babej <tbabej@redhat.com>
---
 ipalib/plugins/certprofile.py | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py
index 658fbca3b4eb851eb5a22190c443044f6ceb8491..1dd4f403ee4461b83c053eb36019a8896506bb81 100644
--- a/ipalib/plugins/certprofile.py
+++ b/ipalib/plugins/certprofile.py
@@ -47,9 +47,29 @@ EXAMPLES:
   Show information about a profile:
     ipa certprofile-show ShortLivedUserCert
 
+  Save profile configuration to a file:
+    ipa certprofile-show caIPAserviceCert --out caIPAserviceCert.cfg
+
   Search for profiles that do not store certificates:
     ipa certprofile-find --store=false
 
+PROFILE CONFIGURATION FORMAT:
+
+The profile configuration format is the raw property-list format
+used by Dogtag Certificate System.  The XML format is not supported.
+
+The following restrictions apply to profiles managed by FreeIPA:
+
+- When importing a profile the "profileId" field, if present, must
+  match the ID given on the command line.
+
+- The "classId" field must be set to "caEnrollImpl"
+
+- The "auth.instance_id" field must be set to "raCertAuth"
+
+- The "certReqInputImpl" input class and "certOutputImpl" output
+  class must be used.
+
 """)
 
 
-- 
2.4.3