PKI CLI - dogtagpki/pki GitHub Wiki
PKI CLI (i.e. pki) is a client tool that can be used to access various services on PKI server.
When installing PKI server the PKI CLI (and the PKI Client library) will automatically be installed.
To install PKI CLI on a machine that does not have PKI server, execute the following command:
$ dnf install pki-tools
In general the PKI CLI takes the following parameters:
$ pki [CLI options] <command> [command arguments/options]
The CLI options should be placed before the command. The command arguments/options should be placed after the command.
To view available commands and options:
$ pki --help
Some commands may have sub-commands. To view the sub-commands:
$ pki <command>
To view the command usage:
$ pki <command> --help
To run the command in verbose mode:
$ pki -v <command>
PKI CLI provides a shell mode to run multiple commands interactively.
To run PKI CLI in shell mode:
$ pki -U https://pki.example.com:8443 -n caadmin
PKI Command-Line Interface 11.9.0
pki> nss-cert-request \
--subject CN=server.example.com \
--ext /usr/share/pki/server/certs/sslserver.conf \
--csr sslserver.csr
pki> ca-cert-issue \
--profile caServerCert \
--csr-file sslserver.csr \
--output-file sslserver.crt
pki> exit
Availability: Since PKI 11.9.
PKI CLI provides a batch mode to run multiple commands at once.
To run PKI CLI in batch mode, prepare the commands in a file (e.g. script.txt):
# create cert request
nss-cert-request \
--subject CN=server.example.com \
--ext /usr/share/pki/server/certs/sslserver.conf \
--csr sslserver.csr
# issue cert
ca-cert-issue \
--profile caServerCert \
--csr-file sslserver.csr \
--output-file sslserver.crt
Then execute the following command:
$ pki -U https://pki.example.com:8443 -n caadmin - < script.txt
Availability: Since PKI 11.9.