Currently to create or update a certificate profile configuration the admin is required to use a file and be familiar with the file format, which is not very user-friendly:
It would be nice to provide a set of CLIs that can be used to manage different aspects of the profile configuration without having to deal with files or learn about the file format. The CLIs may look as follows:
Profile inputs:
$ pki ca-profile-input-find caUserCert ----------------- 3 entries matched ----------------- Input name: Key Generation Class: keyGenInputImpl Input name: Subject Name Class: subjectNameInputImpl Input name: Requestor Information Class: submitterInfoInputImpl ---------------------------- Number of entries returned 3 ----------------------------
Profile input attributes:
$ pki ca-profile-input-attribute-find caUserCert "Key Generation" ----------------- 2 entries matched ----------------- Attribute Name: cert_request_type Description: Key Generation Request Type Syntax: keygen_request_type Attribute Name: cert_request Description: Key Generation Request Syntax: keygen_request ---------------------------- Number of entries returned 2 ----------------------------
Profile outputs:
$ pki ca-profile-output-find caUserCert ----------------- 1 entries matched ----------------- Output name: Certificate Output Class: certOutputImpl ---------------------------- Number of entries returned 1 ----------------------------
Profile output attributes:
$ pki ca-profile-output-attribute-find caUserCert "Certificate Output" ----------------- 2 entries matched ----------------- Attribute Name: pretty_cert Description: Certificate Pretty Print Syntax: pretty_print Attribute Name: b64_cert Description: Certificate Base-64 Encoded Syntax: pretty_print ---------------------------- Number of entries returned 2 ----------------------------
Profile policies:
$ pki ca-profile-policy-find caUserCert ----------------- 1 entries matched ----------------- Policy name: userCertSet ---------------------------- Number of entries returned 1 ----------------------------
Profile policy constraints:
$ pki ca-profile-policy-constraint-find caUserCert userCertSet ------------------ 10 entries matched ------------------ Constraint name: Subject Name Constraint Constraint class: subjectNameConstraintImpl Constraint parameters accept: true Constraint parameters pattern: UID=.* Default name: Subject Name Default Default class: userSubjectNameDefaultImpl ... ----------------------------- Number of entries returned 10 -----------------------------
There should be the corresponding -add, -show, -mod, and -del for each component above. With these CLIs the admin should be able to add a blank profile, then add each component one-by-one without using a file. The admin should also be able to manage a certain aspect of a profile without having to download the whole configuration and find the parameter to change in the file.
Proposed milestone: 10.3
Per CS/DS Meeting of 04/13/2015: 10.3
Metadata Update from @edewata: - Issue set to the milestone: UNTRIAGED
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1893
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Metadata Update from @dmoluguw: - Issue close_status updated to: migrated - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.