From 6fa1909effcedf28ebaec97317c12f452090ef9d Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Apr 10 2015 18:10:45 +0000 Subject: Document the dogtag helper's -N and -R flags We already listed the -N flag in the help output, but it wasn't in the man page, so add it: it reverses the default logic, whereby we would normally prefer to attempt renewal if we have either an old certificate (in $CERTMONGER_CERTIFICATE) or the serial number of an old certificate. Also document the -R flag, which negates the -N flag. --- diff --git a/src/certmonger-dogtag-submit.8.in b/src/certmonger-dogtag-submit.8.in index 46aecf7..247c4cd 100644 --- a/src/certmonger-dogtag-submit.8.in +++ b/src/certmonger-dogtag-submit.8.in @@ -18,6 +18,7 @@ dogtag-submit -E EE-URL -A AGENT-URL [-S state] [-T profile] [-O param=value] +[-N | -R] [-v] [csrfile] @@ -94,6 +95,15 @@ settings are applied. This option can be used either to override a server-supplied default setting, or to supply one which would otherwise have not been used. Requires the \fB-A\fR option. .TP +\fB-N\fR +Even if an already-issued certificate is available in the +\fICERTMONGER_CERTIFICATE\fR environment variable, or a serial number has been +provided, don't attempt to renew a certificate using its serial number. +Instead, attempt to obtain a new certificate using the signing request. +.TP +\fB-R\fR +Negates the effect of the \fB-N\fR flag. +.TP \fB-v\fR Increases the logging level. Use twice for more logging. This option is mainly useful for troubleshooting. diff --git a/src/dogtag.c b/src/dogtag.c index edf07db..1274df9 100644 --- a/src/dogtag.c +++ b/src/dogtag.c @@ -79,7 +79,7 @@ help(const char *cmd) "\t[-T profile]\n" "\t[-O param=value]\n" "\t[-v]\n" - "\t[-N]\n" + "\t[-N | -R]\n" "\t[-V dogtag_version]\n" "\t[csrfile]\n", strchr(cmd, '/') ? strrchr(cmd, '/') + 1 : cmd);