From 2b8163ab5dfcf28a9eba319ef685046ae9d8b5e8 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Oct 06 2016 17:24:54 +0000 Subject: Add commentary about CA deletion to plugin doc Add commentary to 'ca' plugin documentation to explain what happens when a CA gets deleted - namely, that its signing cert gets revoked and its private key deleted. Also break the docstring up into smaller chunks to aid translation. Fixes: https://fedorahosted.org/freeipa/ticket/6256 Reviewed-By: Martin Basti --- diff --git a/ipaserver/plugins/ca.py b/ipaserver/plugins/ca.py index 4d83fe8..d9ae8c8 100644 --- a/ipaserver/plugins/ca.py +++ b/ipaserver/plugins/ca.py @@ -14,33 +14,38 @@ from ipalib import _, ngettext __doc__ = _(""" Manage Certificate Authorities - +""") + _(""" Subordinate Certificate Authorities (Sub-CAs) can be added for scoped issuance of X.509 certificates. - +""") + _(""" CAs are enabled on creation, but their use is subject to CA ACLs unless the operator has permission to bypass CA ACLs. - +""") + _(""" All CAs except the 'IPA' CA can be disabled or re-enabled. Disabling a CA prevents it from issuing certificates but does not affect the validity of its certificate. - - +""") + _(""" +CAs (all except the 'IPA' CA) can be deleted. Deleting a CA causes its signing +certificate to be revoked and its private key deleted. +""") + _(""" EXAMPLES: - +""") + _(""" Create new CA, subordinate to the IPA CA. ipa ca-add puppet --desc "Puppet" \\ --subject "CN=Puppet CA,O=EXAMPLE.COM" - +""") + _(""" Disable a CA. ipa ca-disable puppet - +""") + _(""" Re-enable a CA. ipa ca-enable puppet +""") + _(""" + Delete a CA. + ipa ca-del puppet """)