758 lines
37 KiB
Diff
758 lines
37 KiB
Diff
From f5b4420f01272f14416558286c66511b1e35816d Mon Sep 17 00:00:00 2001
|
|
From: Rob Crittenden <rcritten@redhat.com>
|
|
Date: Thu, 14 May 2020 14:37:31 -0400
|
|
Subject: [PATCH 43/43] Add long options to command-line help
|
|
|
|
The command-line help mostly consisted of only the short options.
|
|
Add the long-option and clean up some of the output.
|
|
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1782838
|
|
---
|
|
src/getcert.c | 536 ++++++++++++++++++++++++++++++++------------------
|
|
src/scep.c | 2 +-
|
|
2 files changed, 345 insertions(+), 193 deletions(-)
|
|
|
|
diff --git a/src/getcert.c b/src/getcert.c
|
|
index 5c8dc94..84e0bf3 100644
|
|
--- a/src/getcert.c
|
|
+++ b/src/getcert.c
|
|
@@ -4864,50 +4864,90 @@ help(const char *twopartcmd, const char *category)
|
|
"\n",
|
|
N_("Required arguments:\n"),
|
|
N_("* If using an NSS database for storage:\n"),
|
|
- N_(" -d DIR NSS database for key and cert\n"),
|
|
- N_(" -n NAME nickname for NSS-based storage (only valid with -d)\n"),
|
|
- N_(" -t NAME optional token name for NSS-based storage (only valid with -d)\n"),
|
|
+ N_(" -d DIR, --dbdir=DIR NSS database for key and cert\n"),
|
|
+ N_(" -n NAME, --nickname NAME\n"),
|
|
+ N_(" nickname for NSS-based storage (only valid with -d)\n"),
|
|
+ N_(" -t NAME, --token=NAME optional token name for NSS-based storage\n"),
|
|
+ N_(" (only valid with -d)\n"),
|
|
N_("* If using files for storage:\n"),
|
|
- N_(" -k FILE PEM file for private key\n"),
|
|
- N_(" -f FILE PEM file for certificate (only valid with -k)\n"),
|
|
+ N_(" -k FILE, --keyfile=FILE\n"),
|
|
+ N_(" PEM file for private key\n"),
|
|
+ N_(" -f FILE, --certfile=FILE\n"),
|
|
+ N_(" PEM file for certificate (only valid with -k)\n"),
|
|
N_("* If keys are to be encrypted:\n"),
|
|
- N_(" -p FILE file which holds the encryption PIN\n"),
|
|
- N_(" -P PIN PIN value\n"),
|
|
+ N_(" -p FILE, --pinfile=FILE\n"),
|
|
+ N_(" file which holds the encryption PIN\n"),
|
|
+ N_(" -P PIN, --pin=PIN PIN value\n"),
|
|
"\n",
|
|
N_("Optional arguments:\n"),
|
|
N_("* Certificate handling settings:\n"),
|
|
- N_(" -I NAME nickname to assign to the request\n"),
|
|
- N_(" -G TYPE type of key to be generated if one is not already in place\n"),
|
|
- N_(" -g SIZE size of key to be generated if one is not already in place\n"),
|
|
- N_(" -r attempt to renew the certificate when expiration nears (default)\n"),
|
|
- N_(" -R don't attempt to renew the certificate when expiration nears\n"),
|
|
+ N_(" -I NAME, --new-id=NAME\n"),
|
|
+ N_(" new nickname to give to tracking request\n"),
|
|
+ N_(" -G TYPE, --key-type=TYPE\n"),
|
|
+ N_(" type of key to be generated if one is not already\n"),
|
|
+ N_(" in place\n"),
|
|
+ N_(" -g BITS, --key-size=BITS\n"),
|
|
+ N_(" size of key to be generated if one is not already\n"),
|
|
+ N_(" in place\n"),
|
|
+ N_(" -r, --renew attempt to renew the certificate when\n"),
|
|
+ N_(" expiration nears (default)\n"),
|
|
+ N_(" -R, --no-renew don't attempt to renew the certificate when\n"),
|
|
+ N_(" expiration nears\n"),
|
|
#ifndef FORCE_CA
|
|
- N_(" -c CA use the specified CA rather than the default\n"),
|
|
+ N_(" -c CA, --ca=NAME use the specified CA rather than the default\n"),
|
|
#endif
|
|
- N_(" -T PROFILE ask the CA to process the request using the named profile or template\n"),
|
|
+ N_(" -T PROFILE, --profile=NAME\n"),
|
|
+ N_(" ask the CA to process the request using the\n"),
|
|
+ N_(" named profile or template\n"),
|
|
N_(" --ms-template-spec SPEC\n"),
|
|
- N_(" include V2 template specifier in CSR (format: OID:MAJOR-VERSION[:MINOR-VERSION])\n"),
|
|
- N_(" -X ISSUER ask the CA to process the request using the named issuer\n"),
|
|
+ N_(" include V2 template specifier in CSR\n"),
|
|
+ N_(" (format: OID:MAJOR-VERSION[:MINOR-VERSION])\n"),
|
|
+ N_(" -X ISSUER, --issuer=ISSUER\n"),
|
|
+ N_(" ask the CA to process the request using the\n"),
|
|
+ N_(" named issuer\n"),
|
|
N_("* Parameters for the signing request:\n"),
|
|
- N_(" -N NAME set requested subject name (default: CN=<hostname>)\n"),
|
|
- N_(" -U EXTUSAGE set requested extended key usage OID\n"),
|
|
- N_(" -u KEYUSAGE set requested key usage value\n"),
|
|
- N_(" -K NAME set requested principal name\n"),
|
|
- N_(" -D DNSNAME set requested DNS name\n"),
|
|
- N_(" -E EMAIL set requested email address\n"),
|
|
- N_(" -A ADDRESS set requested IP address\n"),
|
|
- N_(" -l FILE file which holds an optional challenge password\n"),
|
|
- N_(" -L PASSWORD an optional challenge password value\n"),
|
|
+ N_(" -N NAME, --subject-name=NAME\n"),
|
|
+ N_(" set requested subject name (default: CN=<hostname>)\n"),
|
|
+ N_(" -U EXTUSAGE, --extended-key-usage=EXTUSAGE\n"),
|
|
+ N_(" override requested extended key usage OID\n"),
|
|
+ N_(" -u KEYUSAGE, --key-usage=KEYUSAGE\n"),
|
|
+ N_(" set requested key usage value\n"),
|
|
+ N_(" -K NAME, --principal=NAME\n"),
|
|
+ N_(" override requested principal name\n"),
|
|
+ N_(" -D DNSNAME, --dns=DNSNAME\n"),
|
|
+ N_(" override requested DNS name\n"),
|
|
+ N_(" -E EMAIL, --email=EMAIL\n"),
|
|
+ N_(" override requested email address\n"),
|
|
+ N_(" -A ADDRESS, --ip-address=ADDRESS\n"),
|
|
+ N_(" override requested IP address\n"),
|
|
+ N_(" -l FILE, --challenge-password-file=FILE\n"),
|
|
+ N_(" file which holds an optional challenge password\n"),
|
|
+ N_(" -L PASSWORD, --challenge-password=PASSWORD\n"),
|
|
+ N_(" an optional challenge password value\n"),
|
|
N_("* Bus options:\n"),
|
|
- N_(" -S connect to the certmonger service on the system bus\n"),
|
|
- N_(" -s connect to the certmonger service on the session bus\n"),
|
|
+ N_(" -S, --system connect to the certmonger service on the system bus\n"),
|
|
+ N_(" -s, --session connect to the certmonger service on the session bus\n"),
|
|
N_("* Other options:\n"),
|
|
- N_(" -B command to run before saving the certificate\n"),
|
|
- N_(" -C command to run after saving the certificate\n"),
|
|
- N_(" -F file in which to store the CA's certificates\n"),
|
|
- N_(" -a NSS database in which to store the CA's certificates\n"),
|
|
- N_(" -w try to wait for the certificate to be issued\n"),
|
|
- N_(" -v report all details of errors\n"),
|
|
+ N_(" -B COMMAND, --before-command=COMMAND\n"),
|
|
+ N_(" command to run before saving the certificate\n"),
|
|
+ N_(" -C COMMAND, --after-command=COMMAND\n"),
|
|
+ N_(" command to run after saving the certificate\n"),
|
|
+ N_(" -F FILE, --ca-file=FILE\n"),
|
|
+ N_(" file in which to store the CA's certificates\n"),
|
|
+ N_(" -a DIR, --ca-dbdir=DIR\n"),
|
|
+ N_(" NSS database in which to store the CA's certificates\n"),
|
|
+ N_(" -w, --wait try to wait for the certificate to be issued\n"),
|
|
+ N_(" --wait-timeout TIMEOUT\n"),
|
|
+ N_(" Maximum time to wait for the certificateto be issued\n"),
|
|
+ N_(" -v, --verbose report all details of errors\n"),
|
|
+ N_(" -o OWNER, --key-owner=OWNER\n"),
|
|
+ N_(" owner information for private key\n"),
|
|
+ N_(" -m MODE, --key-perms=MODE\n"),
|
|
+ N_(" file permissions for private key\n"),
|
|
+ N_(" -O OWNER, --cert-owner=OWNER\n"),
|
|
+ N_(" owner information for certificate\n"),
|
|
+ N_(" -M MODE, --cert-perms=MODE\n"),
|
|
+ N_(" file permissions for certificate\n"),
|
|
NULL,
|
|
};
|
|
const char *start_tracking_help[] = {
|
|
@@ -4915,49 +4955,84 @@ help(const char *twopartcmd, const char *category)
|
|
"\n",
|
|
N_("Required arguments:\n"),
|
|
N_("* If modifying an existing request:\n"),
|
|
- N_(" -i NAME nickname of an existing tracking request\n"),
|
|
+ N_(" -i NAME, --id=NAME nickname of an existing tracking request\n"),
|
|
N_("* If using an NSS database for storage:\n"),
|
|
- N_(" -d DIR NSS database for key and cert\n"),
|
|
- N_(" -n NAME nickname for NSS-based storage (only valid with -d)\n"),
|
|
- N_(" -t NAME optional token name for NSS-based storage (only valid with -d)\n"),
|
|
+ N_(" -d DIR, --dbdir=DIR NSS database for key and cert\n"),
|
|
+ N_(" -n NAME, --nickname NAME\n"),
|
|
+ N_(" nickname for NSS-based storage (only valid with -d)\n"),
|
|
+ N_(" -t NAME, --token=NAME optional token name for NSS-based storage\n"),
|
|
+ N_(" (only valid with -d)\n"),
|
|
N_("* If using files for storage:\n"),
|
|
- N_(" -k FILE PEM file for private key\n"),
|
|
- N_(" -f FILE PEM file for certificate (only valid with -k)\n"),
|
|
+ N_(" -k FILE, --keyfile=FILE\n"),
|
|
+ N_(" PEM file for private key\n"),
|
|
+ N_(" -f FILE, --certfile=FILE\n"),
|
|
+ N_(" PEM file for certificate (only valid with -k)\n"),
|
|
N_("* If keys are encrypted:\n"),
|
|
- N_(" -p FILE file which holds the encryption PIN\n"),
|
|
- N_(" -P PIN PIN value\n"),
|
|
+ N_(" -p FILE, --pinfile=FILE\n"),
|
|
+ N_(" file which holds the encryption PIN\n"),
|
|
+ N_(" -P PIN, --pin=PIN PIN value\n"),
|
|
"\n",
|
|
N_("Optional arguments:\n"),
|
|
N_("* Certificate handling settings:\n"),
|
|
- N_(" -I NAME nickname to give to tracking request\n"),
|
|
- N_(" -r attempt to renew the certificate when expiration nears (default)\n"),
|
|
- N_(" -R don't attempt to renew the certificate when expiration nears\n"),
|
|
+ N_(" -I NAME, --new-id=NAME\n"),
|
|
+ N_(" nickname to give to tracking request\n"),
|
|
+ N_(" -r, --renew attempt to renew the certificate when\n"),
|
|
+ N_(" expiration nears (default)\n"),
|
|
+ N_(" -R, --no-renew don't attempt to renew the certificate when\n"),
|
|
+ N_(" expiration nears\n"),
|
|
#ifndef FORCE_CA
|
|
- N_(" -c CA use the specified CA rather than the default\n"),
|
|
+ N_(" -c CA, --ca=NAME use the specified CA rather than the default\n"),
|
|
#endif
|
|
- N_(" -T PROFILE ask the CA to process the request using the named profile or template\n"),
|
|
+ N_(" -T PROFILE, --profile=NAME\n"),
|
|
+ N_(" ask the CA to process the request using the\n"),
|
|
+ N_(" named profile or template\n"),
|
|
N_(" --ms-template-spec SPEC\n"),
|
|
- N_(" include V2 template specifier in CSR (format: OID:MAJOR-VERSION[:MINOR-VERSION])\n"),
|
|
- N_(" -X ISSUER ask the CA to process the request using the named issuer\n"),
|
|
+ N_(" include V2 template specifier in CSR\n"),
|
|
+ N_(" (format: OID:MAJOR-VERSION[:MINOR-VERSION])\n"),
|
|
+ N_(" -X ISSUER, --issuer=ISSUER\n"),
|
|
+ N_(" ask the CA to process the request using the\n"),
|
|
+ N_(" named issuer\n"),
|
|
N_("* Parameters for the signing request at renewal time:\n"),
|
|
- N_(" -U EXTUSAGE override requested extended key usage OID\n"),
|
|
- N_(" -u KEYUSAGE set requested key usage value\n"),
|
|
- N_(" -K NAME override requested principal name\n"),
|
|
- N_(" -D DNSNAME override requested DNS name\n"),
|
|
- N_(" -E EMAIL override requested email address\n"),
|
|
- N_(" -A ADDRESS override requested IP address\n"),
|
|
- N_(" -l FILE file which holds an optional challenge password\n"),
|
|
- N_(" -L PASSWORD an optional challenge password value\n"),
|
|
+ N_(" -U EXTUSAGE, --extended-key-usage=EXTUSAGE\n"),
|
|
+ N_(" override requested extended key usage OID\n"),
|
|
+ N_(" -u KEYUSAGE, --key-usage=KEYUSAGE\n"),
|
|
+ N_(" set requested key usage value\n"),
|
|
+ N_(" -K NAME, --principal=NAME\n"),
|
|
+ N_(" override requested principal name\n"),
|
|
+ N_(" -D DNSNAME, --dns=DNSNAME\n"),
|
|
+ N_(" override requested DNS name\n"),
|
|
+ N_(" -E EMAIL, --email=EMAIL\n"),
|
|
+ N_(" override requested email address\n"),
|
|
+ N_(" -A ADDRESS, --ip-address=ADDRESS\n"),
|
|
+ N_(" override requested IP address\n"),
|
|
+ N_(" -l FILE, --challenge-password-file=FILE\n"),
|
|
+ N_(" file which holds an optional challenge password\n"),
|
|
+ N_(" -L PASSWORD, --challenge-password=PASSWORD\n"),
|
|
+ N_(" an optional challenge password value\n"),
|
|
N_("* Bus options:\n"),
|
|
- N_(" -S connect to the certmonger service on the system bus\n"),
|
|
- N_(" -s connect to the certmonger service on the session bus\n"),
|
|
+ N_(" -S, --system connect to the certmonger service on the system bus\n"),
|
|
+ N_(" -s, --session connect to the certmonger service on the session bus\n"),
|
|
N_("* Other options:\n"),
|
|
- N_(" -B command to run before saving the certificate\n"),
|
|
- N_(" -C command to run after saving the certificate\n"),
|
|
- N_(" -F file in which to store the CA's certificates\n"),
|
|
- N_(" -a NSS database in which to store the CA's certificates\n"),
|
|
- N_(" -w try to wait for the certificate to be issued\n"),
|
|
- N_(" -v report all details of errors\n"),
|
|
+ N_(" -B COMMAND, --before-command=COMMAND\n"),
|
|
+ N_(" command to run before saving the certificate\n"),
|
|
+ N_(" -C COMMAND, --after-command=COMMAND\n"),
|
|
+ N_(" command to run after saving the certificate\n"),
|
|
+ N_(" -F FILE, --ca-file=FILE\n"),
|
|
+ N_(" file in which to store the CA's certificates\n"),
|
|
+ N_(" -a DIR, --ca-dbdir=DIR\n"),
|
|
+ N_(" NSS database in which to store the CA's certificates\n"),
|
|
+ N_(" -w, --wait try to wait for the certificate to be issued\n"),
|
|
+ N_(" --wait-timeout TIMEOUT\n"),
|
|
+ N_(" Maximum time to wait for the certificateto be issued\n"),
|
|
+ N_(" -v, --verbose report all details of errors\n"),
|
|
+ N_(" -o OWNER, --key-owner=OWNER\n"),
|
|
+ N_(" owner information for private key\n"),
|
|
+ N_(" -m MODE, --key-perms=MODE\n"),
|
|
+ N_(" file permissions for private key\n"),
|
|
+ N_(" -O OWNER, --cert-owner=OWNER\n"),
|
|
+ N_(" owner information for certificate\n"),
|
|
+ N_(" -M MODE, --cert-perms=MODE\n"),
|
|
+ N_(" file permissions for certificate\n"),
|
|
NULL,
|
|
};
|
|
const char *stop_tracking_help[] = {
|
|
@@ -4965,21 +5040,24 @@ help(const char *twopartcmd, const char *category)
|
|
"\n",
|
|
N_("Required arguments:\n"),
|
|
N_("* By request identifier:\n"),
|
|
- N_(" -i NAME nickname for tracking request\n"),
|
|
+ N_(" -i NAME, --id=NAME nickname for tracking request\n"),
|
|
N_("* If using an NSS database for storage:\n"),
|
|
- N_(" -d DIR NSS database for key and cert\n"),
|
|
- N_(" -n NAME nickname for NSS-based storage (only valid with -d)\n"),
|
|
- N_(" -t NAME optional token name for NSS-based storage (only valid with -d)\n"),
|
|
+ N_(" -d DIR, --dbdir=DIR NSS database for key and cert\n"),
|
|
+ N_(" -n NAME, --nickname NAME\n"),
|
|
+ N_(" nickname for NSS-based storage (only valid with -d)\n"),
|
|
N_("* If using files for storage:\n"),
|
|
- N_(" -k FILE PEM file for private key\n"),
|
|
- N_(" -f FILE PEM file for certificate (only valid with -k)\n"),
|
|
+ N_(" -k FILE, --keyfile=FILE\n"),
|
|
+ N_(" PEM file for private key\n"),
|
|
+ N_(" -f FILE, --certfile=FILE\n"),
|
|
+ N_(" PEM file for certificate (only valid with -k)\n"),
|
|
"\n",
|
|
N_("Optional arguments:\n"),
|
|
N_("* Bus options:\n"),
|
|
- N_(" -S connect to the certmonger service on the system bus\n"),
|
|
- N_(" -s connect to the certmonger service on the session bus\n"),
|
|
+ N_(" -S, --system connect to the certmonger service on the system bus\n"),
|
|
+ N_(" -s, --session connect to the certmonger service on the session bus\n"),
|
|
+ "\n",
|
|
N_("* Other options:\n"),
|
|
- N_(" -v report all details of errors\n"),
|
|
+ N_(" -v, --verbose report all details of errors\n"),
|
|
NULL,
|
|
};
|
|
const char *resubmit_help[] = {
|
|
@@ -4987,49 +5065,81 @@ help(const char *twopartcmd, const char *category)
|
|
"\n",
|
|
N_("Required arguments:\n"),
|
|
N_("* By request identifier:\n"),
|
|
- N_(" -i NAME nickname for tracking request\n"),
|
|
+ N_(" -i NAME, --id=NAME nickname for tracking request\n"),
|
|
N_("* If using an NSS database for storage:\n"),
|
|
- N_(" -d DIR NSS database for key and cert\n"),
|
|
- N_(" -n NAME nickname for NSS-based storage (only valid with -d)\n"),
|
|
- N_(" -t NAME optional token name for NSS-based storage (only valid with -d)\n"),
|
|
+ N_(" -d DIR, --dbdir=DIR NSS database for key and cert\n"),
|
|
+ N_(" -n NAME, --nickname NAME\n"),
|
|
+ N_(" nickname for NSS-based storage (only valid with -d)\n"),
|
|
+ N_(" -t NAME, --token=NAME optional token name for NSS-based storage\n"),
|
|
+ N_(" (only valid with -d)\n"),
|
|
N_("* If using files for storage:\n"),
|
|
N_(" -f FILE PEM file for certificate\n"),
|
|
"\n",
|
|
N_("* If keys are encrypted:\n"),
|
|
- N_(" -p FILE file which holds the encryption PIN\n"),
|
|
- N_(" -P PIN PIN value\n"),
|
|
+ N_(" -p FILE, --pinfile=FILE\n"),
|
|
+ N_(" file which holds the encryption PIN\n"),
|
|
+ N_(" -P PIN, --pin=PIN PIN value\n"),
|
|
"\n",
|
|
N_("* New parameter values for the signing request:\n"),
|
|
- N_(" -N NAME set requested subject name (default: CN=<hostname>)\n"),
|
|
- N_(" -U EXTUSAGE set requested extended key usage OID\n"),
|
|
- N_(" -u KEYUSAGE set requested key usage value\n"),
|
|
- N_(" -K NAME set requested principal name\n"),
|
|
- N_(" -D DNSNAME set requested DNS name\n"),
|
|
- N_(" -E EMAIL set requested email address\n"),
|
|
- N_(" -A ADDRESS set requested IP address\n"),
|
|
- N_(" -l FILE file which holds an optional challenge password\n"),
|
|
- N_(" -L PASSWORD an optional challenge password value\n"),
|
|
+ N_(" -N NAME, --subject-name=NAME\n"),
|
|
+ N_(" set requested subject name (default: CN=<hostname>)\n"),
|
|
+ N_(" -U EXTUSAGE, --extended-key-usage=EXTUSAGE\n"),
|
|
+ N_(" override requested extended key usage OID\n"),
|
|
+ N_(" -u KEYUSAGE, --key-usage=KEYUSAGE\n"),
|
|
+ N_(" set requested key usage value\n"),
|
|
+ N_(" -K NAME, --principal=NAME\n"),
|
|
+ N_(" override requested principal name\n"),
|
|
+ N_(" -D DNSNAME, --dns=DNSNAME\n"),
|
|
+ N_(" override requested DNS name\n"),
|
|
+ N_(" -E EMAIL, --email=EMAIL\n"),
|
|
+ N_(" override requested email address\n"),
|
|
+ N_(" -A ADDRESS, --ip-address=ADDRESS\n"),
|
|
+ N_(" override requested IP address\n"),
|
|
+ N_(" -l FILE, --challenge-password-file=FILE\n"),
|
|
+ N_(" file which holds an optional challenge password\n"),
|
|
+ N_(" -L PASSWORD, --challenge-password=PASSWORD\n"),
|
|
+ N_(" an optional challenge password value\n"),
|
|
"\n",
|
|
N_("Optional arguments:\n"),
|
|
N_("* Certificate handling settings:\n"),
|
|
- N_(" -I NAME new nickname to give to tracking request\n"),
|
|
+ N_(" -I NAME, --new-id=NAME\n"),
|
|
+ N_(" nickname to give to tracking request\n"),
|
|
#ifndef FORCE_CA
|
|
- N_(" -c CA use the specified CA rather than the current one\n"),
|
|
+ N_(" -c CA, --ca=NAME use the specified CA rather than the default\n"),
|
|
#endif
|
|
- N_(" -T PROFILE ask the CA to process the request using the named profile or template\n"),
|
|
+ N_(" -T PROFILE, --profile=NAME\n"),
|
|
+ N_(" ask the CA to process the request using the\n"),
|
|
+ N_(" named profile or template\n"),
|
|
N_(" --ms-template-spec SPEC\n"),
|
|
- N_(" include V2 template specifier in CSR (format: OID:MAJOR-VERSION[:MINOR-VERSION])\n"),
|
|
- N_(" -X ISSUER ask the CA to process the request using the named issuer\n"),
|
|
+ N_(" include V2 template specifier in CSR\n"),
|
|
+ N_(" (format: OID:MAJOR-VERSION[:MINOR-VERSION])\n"),
|
|
+ N_(" -X ISSUER, --issuer=ISSUER\n"),
|
|
+ N_(" ask the CA to process the request using the\n"),
|
|
+ N_(" named issuer\n"),
|
|
N_("* Bus options:\n"),
|
|
- N_(" -S connect to the certmonger service on the system bus\n"),
|
|
- N_(" -s connect to the certmonger service on the session bus\n"),
|
|
+ N_(" -S, --system connect to the certmonger service on the system bus\n"),
|
|
+ N_(" -s, --session connect to the certmonger service on the session bus\n"),
|
|
N_("* Other options:\n"),
|
|
- N_(" -B command to run before saving the certificate\n"),
|
|
- N_(" -C command to run after saving the certificate\n"),
|
|
- N_(" -F file in which to store the CA's certificates\n"),
|
|
- N_(" -a NSS database in which to store the CA's certificates\n"),
|
|
- N_(" -w try to wait for the certificate to be issued\n"),
|
|
- N_(" -v report all details of errors\n"),
|
|
+ N_(" -B COMMAND, --before-command=COMMAND\n"),
|
|
+ N_(" command to run before saving the certificate\n"),
|
|
+ N_(" -C COMMAND, --after-command=COMMAND\n"),
|
|
+ N_(" command to run after saving the certificate\n"),
|
|
+ N_(" -F FILE, --ca-file=FILE\n"),
|
|
+ N_(" file in which to store the CA's certificates\n"),
|
|
+ N_(" -a DIR, --ca-dbdir=DIR\n"),
|
|
+ N_(" NSS database in which to store the CA's certificates\n"),
|
|
+ N_(" -w, --wait try to wait for the certificate to be issued\n"),
|
|
+ N_(" --wait-timeout TIMEOUT\n"),
|
|
+ N_(" Maximum time to wait for the certificateto be issued\n"),
|
|
+ N_(" -v, --verbose report all details of errors\n"),
|
|
+ N_(" -o OWNER, --key-owner=OWNER\n"),
|
|
+ N_(" owner information for private key\n"),
|
|
+ N_(" -m MODE, --key-perms=MODE\n"),
|
|
+ N_(" file permissions for private key\n"),
|
|
+ N_(" -O OWNER, --cert-owner=OWNER\n"),
|
|
+ N_(" owner information for certificate\n"),
|
|
+ N_(" -M MODE, --cert-perms=MODE\n"),
|
|
+ N_(" file permissions for certificate\n"),
|
|
NULL,
|
|
};
|
|
const char *rekey_help[] = {
|
|
@@ -5037,51 +5147,80 @@ help(const char *twopartcmd, const char *category)
|
|
"\n",
|
|
N_("Required arguments:\n"),
|
|
N_("* By request identifier:\n"),
|
|
- N_(" -i NAME nickname for tracking request\n"),
|
|
+ N_(" -i NAME, --id=NAME nickname for tracking request\n"),
|
|
N_("* If using an NSS database for storage:\n"),
|
|
- N_(" -d DIR NSS database for key and cert\n"),
|
|
- N_(" -n NAME nickname for NSS-based storage (only valid with -d)\n"),
|
|
- N_(" -t NAME optional token name for NSS-based storage (only valid with -d)\n"),
|
|
+ N_(" -d DIR, --dbdir=DIR NSS database for key and cert\n"),
|
|
+ N_(" -n NAME, --nickname NAME\n"),
|
|
+ N_(" nickname for NSS-based storage (only valid with -d)\n"),
|
|
+ N_(" -t NAME, --token=NAME optional token name for NSS-based storage\n"),
|
|
+ N_(" (only valid with -d)\n"),
|
|
N_("* If using files for storage:\n"),
|
|
- N_(" -f FILE PEM file for certificate\n"),
|
|
+ N_(" -f FILE, --certfile=FILE\n"),
|
|
+ N_(" PEM file for certificate\n"),
|
|
"\n",
|
|
N_("* If keys are encrypted:\n"),
|
|
- N_(" -p FILE file which holds the encryption PIN\n"),
|
|
- N_(" -P PIN PIN value\n"),
|
|
+ N_(" -p FILE, --pinfile=FILE\n"),
|
|
+ N_(" file which holds the encryption PIN\n"),
|
|
+ N_(" -P PIN, --pin=PIN PIN value\n"),
|
|
"\n",
|
|
N_("* New parameter values for the signing request:\n"),
|
|
- N_(" -N NAME set requested subject name (default: CN=<hostname>)\n"),
|
|
- N_(" -U EXTUSAGE set requested extended key usage OID\n"),
|
|
- N_(" -u KEYUSAGE set requested key usage value\n"),
|
|
- N_(" -K NAME set requested principal name\n"),
|
|
- N_(" -D DNSNAME set requested DNS name\n"),
|
|
- N_(" -E EMAIL set requested email address\n"),
|
|
- N_(" -A ADDRESS set requested IP address\n"),
|
|
- N_(" -l FILE file which holds an optional challenge password\n"),
|
|
- N_(" -L PASSWORD an optional challenge password value\n"),
|
|
+ N_(" -N NAME, --subject-name=NAME\n"),
|
|
+ N_(" set requested subject name (default: CN=<hostname>)\n"),
|
|
+ N_(" -U EXTUSAGE, --extended-key-usage=EXTUSAGE\n"),
|
|
+ N_(" override requested extended key usage OID\n"),
|
|
+ N_(" -u KEYUSAGE, --key-usage=KEYUSAGE\n"),
|
|
+ N_(" set requested key usage value\n"),
|
|
+ N_(" -K NAME, --principal=NAME\n"),
|
|
+ N_(" override requested principal name\n"),
|
|
+ N_(" -D DNSNAME, --dns=DNSNAME\n"),
|
|
+ N_(" override requested DNS name\n"),
|
|
+ N_(" -E EMAIL, --email=EMAIL\n"),
|
|
+ N_(" override requested email address\n"),
|
|
+ N_(" -A ADDRESS, --ip-address=ADDRESS\n"),
|
|
+ N_(" override requested IP address\n"),
|
|
+ N_(" -l FILE, --challenge-password-file=FILE\n"),
|
|
+ N_(" file which holds an optional challenge password\n"),
|
|
+ N_(" -L PASSWORD, --challenge-password=PASSWORD\n"),
|
|
+ N_(" an optional challenge password value\n"),
|
|
"\n",
|
|
N_("Optional arguments:\n"),
|
|
N_("* Certificate handling settings:\n"),
|
|
- N_(" -I NAME new nickname to give to tracking request\n"),
|
|
+ N_(" -I NAME, --new-id=NAME\n"),
|
|
+ N_(" new nickname to give to tracking request\n"),
|
|
#ifndef FORCE_CA
|
|
- N_(" -c CA use the specified CA rather than the current one\n"),
|
|
+ N_(" -c CA, --ca=NAME use the specified CA rather than the default\n"),
|
|
#endif
|
|
- N_(" -T PROFILE ask the CA to process the request using the named profile or template\n"),
|
|
+ N_(" -T PROFILE, --profile=NAME\n"),
|
|
+ N_(" ask the CA to process the request using the\n"),
|
|
+ N_(" named profile or template\n"),
|
|
N_(" --ms-template-spec SPEC\n"),
|
|
- N_(" include V2 template specifier in CSR (format: OID:MAJOR-VERSION[:MINOR-VERSION])\n"),
|
|
- N_(" -X ISSUER ask the CA to process the request using the named issuer\n"),
|
|
- N_(" -G TYPE type of new key to be generated\n"),
|
|
- N_(" -g SIZE size of new key to be generated\n"),
|
|
+ N_(" include V2 template specifier in CSR\n"),
|
|
+ N_(" (format: OID:MAJOR-VERSION[:MINOR-VERSION])\n"),
|
|
+ N_(" -X ISSUER, --issuer=ISSUER\n"),
|
|
+ N_(" ask the CA to process the request using the\n"),
|
|
+ N_(" named issuer\n"),
|
|
+ N_(" -G TYPE, --key-type=TYPE\n"),
|
|
+ N_(" type of key to be generated if one is not already\n"),
|
|
+ N_(" in place\n"),
|
|
+ N_(" -g BITS, --key-size=BITS\n"),
|
|
+ N_(" size of key to be generated if one is not already\n"),
|
|
+ N_(" in place\n"),
|
|
N_("* Bus options:\n"),
|
|
- N_(" -S connect to the certmonger service on the system bus\n"),
|
|
- N_(" -s connect to the certmonger service on the session bus\n"),
|
|
+ N_(" -S, --system connect to the certmonger service on the system bus\n"),
|
|
+ N_(" -s, --session connect to the certmonger service on the session bus\n"),
|
|
N_("* Other options:\n"),
|
|
- N_(" -B command to run before saving the certificate\n"),
|
|
- N_(" -C command to run after saving the certificate\n"),
|
|
- N_(" -F file in which to store the CA's certificates\n"),
|
|
- N_(" -a NSS database in which to store the CA's certificates\n"),
|
|
- N_(" -w try to wait for the certificate to be issued\n"),
|
|
- N_(" -v report all details of errors\n"),
|
|
+ N_(" -B COMMAND, --before-command=COMMAND\n"),
|
|
+ N_(" command to run before saving the certificate\n"),
|
|
+ N_(" -C COMMAND, --after-command=COMMAND\n"),
|
|
+ N_(" command to run after saving the certificate\n"),
|
|
+ N_(" -F FILE, --ca-file=FILE\n"),
|
|
+ N_(" file in which to store the CA's certificates\n"),
|
|
+ N_(" -a DIR, --ca-dbdir=DIR\n"),
|
|
+ N_(" NSS database in which to store the CA's certificates\n"),
|
|
+ N_(" -w, --wait try to wait for the certificate to be issued\n"),
|
|
+ N_(" --wait-timeout TIMEOUT\n"),
|
|
+ N_(" Maximum time to wait for the certificateto be issued\n"),
|
|
+ N_(" -v, --verbose report all details of errors\n"),
|
|
NULL,
|
|
};
|
|
const char *list_help[] = {
|
|
@@ -5090,46 +5229,52 @@ help(const char *twopartcmd, const char *category)
|
|
N_("Optional arguments:\n"),
|
|
N_("* General options:\n"),
|
|
#ifndef FORCE_CA
|
|
- N_(" -c CA list only requests and certs associated with this CA\n"),
|
|
+ N_(" -c CA, --ca=NAME use the specified CA rather than the default\n"),
|
|
#endif
|
|
- N_(" -r list only information about outstanding requests\n"),
|
|
- N_(" -t list only information about tracked certificates\n"),
|
|
- N_(" -u display times in UTC instead of local time\n"),
|
|
+ N_(" -r, --requests-only list only information about outstanding requests\n"),
|
|
+ N_(" -t, --tracking-only list only information about tracked certificates\n"),
|
|
+ N_(" -u, --utc display times in UTC instead of local time\n"),
|
|
N_("* If selecting a specific request:\n"),
|
|
- N_(" -i NAME nickname for tracking request\n"),
|
|
+ N_(" -i NAME, --id=NAME nickname for tracking request\n"),
|
|
N_("* If using an NSS database for storage:\n"),
|
|
- N_(" -d DIR only list requests and certs which use this NSS database\n"),
|
|
- N_(" -n NAME only list requests and certs which use this nickname\n"),
|
|
+ N_(" -d DIR, --dbdir=DIR NSS database for key and cert\n"),
|
|
+ N_(" -n NAME, --nickname NAME\n"),
|
|
+ N_(" nickname for NSS-based storage (only valid with -d)\n"),
|
|
N_("* If using files for storage:\n"),
|
|
- N_(" -f FILE only list requests and certs stored in this PEM file\n"),
|
|
+ N_(" -f FILE, --certfile=FILE\n"),
|
|
+ N_(" only list requests and certs stored in this PEM file\n"),
|
|
N_("* Bus options:\n"),
|
|
- N_(" -S connect to the certmonger service on the system bus\n"),
|
|
- N_(" -s connect to the certmonger service on the session bus\n"),
|
|
+ N_(" -S, --system connect to the certmonger service on the system bus\n"),
|
|
+ N_(" -s, --session connect to the certmonger service on the session bus\n"),
|
|
N_("* Other options:\n"),
|
|
- N_(" -v report all details of errors\n"),
|
|
+ N_(" -v, --verbose report all details of errors\n"),
|
|
NULL,
|
|
};
|
|
const char *refresh_help[] = {
|
|
N_("Usage: %s refresh [options]\n"),
|
|
"\n",
|
|
N_("* General options:\n"),
|
|
- N_(" -a refresh information about all outstanding requests\n"),
|
|
+ N_(" -a, --all refresh information about all outstanding requests\n"),
|
|
"\n",
|
|
N_("Required arguments:\n"),
|
|
N_("* By request identifier:\n"),
|
|
- N_(" -i NAME nickname for tracking request\n"),
|
|
+ N_(" -i NAME, --id=NAME nickname for tracking request\n"),
|
|
N_("* If using an NSS database for storage:\n"),
|
|
- N_(" -d DIR NSS database for key and cert\n"),
|
|
- N_(" -n NAME nickname for NSS-based storage (only valid with -d)\n"),
|
|
- N_(" -t NAME optional token name for NSS-based storage (only valid with -d)\n"),
|
|
+ N_(" -d DIR, --dbdir=DIR NSS database for key and cert\n"),
|
|
+ N_(" -n NAME, --nickname NAME\n"),
|
|
+ N_(" nickname for NSS-based storage (only valid with -d)\n"),
|
|
+ N_(" -t NAME, --token=NAME optional token name for NSS-based storage\n"),
|
|
+ N_(" (only valid with -d)\n"),
|
|
N_("* If using files for storage:\n"),
|
|
- N_(" -f FILE PEM file for certificate\n"),
|
|
+ N_(" -f FILE, --certfile=FILE\n"),
|
|
+ N_(" PEM file for certificate\n"),
|
|
"\n",
|
|
N_("Optional arguments:\n"),
|
|
N_("* Bus options:\n"),
|
|
- N_(" -S connect to the certmonger service on the system bus\n"),
|
|
- N_(" -s connect to the certmonger service on the session bus\n"),
|
|
- N_(" -v report all details of errors\n"),
|
|
+ N_(" -S, --system connect to the certmonger service on the system bus\n"),
|
|
+ N_(" -s, --session connect to the certmonger service on the session bus\n"),
|
|
+ N_("* Other options:\n"),
|
|
+ N_(" -v, --verbose report all details of errors\n"),
|
|
NULL,
|
|
};
|
|
const char *status_help[] = {
|
|
@@ -5137,17 +5282,19 @@ help(const char *twopartcmd, const char *category)
|
|
"\n",
|
|
N_("Optional arguments:\n"),
|
|
N_("* Selecting a specific request:\n"),
|
|
- N_(" -i NAME nickname for tracking request\n"),
|
|
+ N_(" -i NAME, --id=NAME nickname for tracking request\n"),
|
|
N_("* When using an NSS database for storage:\n"),
|
|
- N_(" -d DIR return status for the request in this NSS database\n"),
|
|
- N_(" -n NAME return status for cert which uses this nickname\n"),
|
|
+ N_(" -d DIR, --dbdir=DIR NSS database for key and cert\n"),
|
|
+ N_(" -n NAME, --nickname NAME\n"),
|
|
+ N_(" nickname for NSS-based storage (only valid with -d)\n"),
|
|
N_("* When using files for storage:\n"),
|
|
- N_(" -f FILE return status for cert stored in this PEM file\n"),
|
|
+ N_(" -f FILE, --certfile=FILE\n"),
|
|
+ N_(" return status for cert stored in this PEM file\n"),
|
|
N_("* Bus options:\n"),
|
|
- N_(" -S connect to the certmonger service on the system bus\n"),
|
|
- N_(" -s connect to the certmonger service on the session bus\n"),
|
|
+ N_(" -S, --system connect to the certmonger service on the system bus\n"),
|
|
+ N_(" -s, --session connect to the certmonger service on the session bus\n"),
|
|
N_("* Other options:\n"),
|
|
- N_(" -v report all details of errors\n"),
|
|
+ N_(" -v, --verbose report all details of errors\n"),
|
|
NULL,
|
|
};
|
|
const char *list_cas_help[] = {
|
|
@@ -5156,13 +5303,13 @@ help(const char *twopartcmd, const char *category)
|
|
N_("Optional arguments:\n"),
|
|
#ifndef FORCE_CA
|
|
N_("* General options:\n"),
|
|
- N_(" -c CA list only information about the CA with this name\n"),
|
|
+ N_(" -c CA, --ca=NAME use the specified CA rather than the default\n"),
|
|
#endif
|
|
N_("* Bus options:\n"),
|
|
- N_(" -S connect to the certmonger service on the system bus\n"),
|
|
- N_(" -s connect to the certmonger service on the session bus\n"),
|
|
+ N_(" -S, --system connect to the certmonger service on the system bus\n"),
|
|
+ N_(" -s, --session connect to the certmonger service on the session bus\n"),
|
|
N_("* Other options:\n"),
|
|
- N_(" -v report all details of errors\n"),
|
|
+ N_(" -v, --verbose report all details of errors\n"),
|
|
NULL,
|
|
};
|
|
const char *refresh_ca_help[] = {
|
|
@@ -5171,14 +5318,14 @@ help(const char *twopartcmd, const char *category)
|
|
N_("Optional arguments:\n"),
|
|
#ifndef FORCE_CA
|
|
N_("* General options:\n"),
|
|
- N_(" -c CA refresh information about the CA with this name\n"),
|
|
- N_(" -a refresh information about all known CAs\n"),
|
|
+ N_(" -c CA, --ca=NAME use the specified CA rather than the default\n"),
|
|
+ N_(" -a, --all refresh information about all known CAs\n"),
|
|
#endif
|
|
N_("* Bus options:\n"),
|
|
- N_(" -S connect to the certmonger service on the system bus\n"),
|
|
- N_(" -s connect to the certmonger service on the session bus\n"),
|
|
+ N_(" -S, --system connect to the certmonger service on the system bus\n"),
|
|
+ N_(" -s, --session connect to the certmonger service on the session bus\n"),
|
|
N_("* Other options:\n"),
|
|
- N_(" -v report all details of errors\n"),
|
|
+ N_(" -v, --verbose report all details of errors\n"),
|
|
NULL,
|
|
};
|
|
#ifndef FORCE_CA
|
|
@@ -5187,13 +5334,13 @@ help(const char *twopartcmd, const char *category)
|
|
"\n",
|
|
N_("Optional arguments:\n"),
|
|
N_("* General options:\n"),
|
|
- N_(" -c CA nickname to give to the new CA configuration\n"),
|
|
- N_(" -e CMD helper command to run to communicate with CA\n"),
|
|
+ N_(" -c CA, --ca=NAME use the specified CA rather than the default\n"),
|
|
+ N_(" -e CMD, --command CMD helper command to run to communicate with CA\n"),
|
|
N_("* Bus options:\n"),
|
|
- N_(" -S connect to the certmonger service on the system bus\n"),
|
|
- N_(" -s connect to the certmonger service on the session bus\n"),
|
|
+ N_(" -S, --system connect to the certmonger service on the system bus\n"),
|
|
+ N_(" -s, --session connect to the certmonger service on the session bus\n"),
|
|
N_("* Other options:\n"),
|
|
- N_(" -v report all details of errors\n"),
|
|
+ N_(" -v, --verbose report all details of errors\n"),
|
|
NULL,
|
|
};
|
|
const char *add_scep_ca_help[] = {
|
|
@@ -5201,18 +5348,23 @@ help(const char *twopartcmd, const char *category)
|
|
"\n",
|
|
N_("Optional arguments:\n"),
|
|
N_("* General options:\n"),
|
|
- N_(" -c CA nickname to give to the new CA configuration\n"),
|
|
- N_(" -u URL location of SCEP server\n"),
|
|
- N_(" -i ID CA identifier\n"),
|
|
- N_(" -R FILE file containing CA's certificate\n"),
|
|
- N_(" -r FILE file containing RA's certificate\n"),
|
|
- N_(" -I FILE file containing certificates in RA's certifying chain\n"),
|
|
- N_(" -n prefer not to use the SCEP Renewal feature\n"),
|
|
+ N_(" -c CA, --ca=NAME use the specified CA rather than the default\n"),
|
|
+ N_(" -u URL, --URL URL location of SCEP server\n"),
|
|
+ N_(" -i ID, --id ID CA identifier\n"),
|
|
+ N_(" -R FILE, --cacert=FILE\n"),
|
|
+ N_(" file containing web server's certificate\n"),
|
|
+ N_(" -r FILE, --racert=FILE\n"),
|
|
+ N_(" file containing RA's certificate\n"),
|
|
+ N_(" -N FILE, --signingca=FILE\n"),
|
|
+ N_(" file containing CA's certificate\n"),
|
|
+ N_(" -I FILE, --other-certs=FILE\n"),
|
|
+ N_(" file containing certificates in RA's certifying chain\n"),
|
|
+ N_(" -n, --non-renewal prefer not to use the SCEP Renewal feature\n"),
|
|
N_("* Bus options:\n"),
|
|
- N_(" -S connect to the certmonger service on the system bus\n"),
|
|
- N_(" -s connect to the certmonger service on the session bus\n"),
|
|
+ N_(" -S, --system connect to the certmonger service on the system bus\n"),
|
|
+ N_(" -s, --session connect to the certmonger service on the session bus\n"),
|
|
N_("* Other options:\n"),
|
|
- N_(" -v report all details of errors\n"),
|
|
+ N_(" -v, --verbose report all details of errors\n"),
|
|
NULL,
|
|
};
|
|
const char *modify_ca_help[] = {
|
|
@@ -5220,13 +5372,13 @@ help(const char *twopartcmd, const char *category)
|
|
"\n",
|
|
N_("Optional arguments:\n"),
|
|
N_("* General options:\n"),
|
|
- N_(" -c CA nickname of the CA configuration\n"),
|
|
- N_(" -e CMD updated helper command to run to communicate with CA\n"),
|
|
+ N_(" -c CA, --ca=NAME use the specified CA rather than the default\n"),
|
|
+ N_(" -e CMD, --command CMD helper command to run to communicate with CA\n"),
|
|
N_("* Bus options:\n"),
|
|
- N_(" -S connect to the certmonger service on the system bus\n"),
|
|
- N_(" -s connect to the certmonger service on the session bus\n"),
|
|
+ N_(" -S, --system connect to the certmonger service on the system bus\n"),
|
|
+ N_(" -s, --session connect to the certmonger service on the session bus\n"),
|
|
N_("* Other options:\n"),
|
|
- N_(" -v report all details of errors\n"),
|
|
+ N_(" -v, --verbose report all details of errors\n"),
|
|
NULL,
|
|
};
|
|
const char *remove_ca_help[] = {
|
|
@@ -5234,12 +5386,12 @@ help(const char *twopartcmd, const char *category)
|
|
"\n",
|
|
N_("Optional arguments:\n"),
|
|
N_("* General options:\n"),
|
|
- N_(" -c CA nickname of CA configuration to remove\n"),
|
|
+ N_(" -c CA, --ca=NAME use the specified CA rather than the default\n"),
|
|
N_("* Bus options:\n"),
|
|
- N_(" -S connect to the certmonger service on the system bus\n"),
|
|
- N_(" -s connect to the certmonger service on the session bus\n"),
|
|
+ N_(" -S, --system connect to the certmonger service on the system bus\n"),
|
|
+ N_(" -s, --session connect to the certmonger service on the session bus\n"),
|
|
N_("* Other options:\n"),
|
|
- N_(" -v report all details of errors\n"),
|
|
+ N_(" -v, --verbose report all details of errors\n"),
|
|
NULL,
|
|
};
|
|
#endif
|
|
diff --git a/src/scep.c b/src/scep.c
|
|
index 4294cda..4dde1ce 100644
|
|
--- a/src/scep.c
|
|
+++ b/src/scep.c
|
|
@@ -230,7 +230,7 @@ main(int argc, const char **argv)
|
|
{"url", 'u', POPT_ARG_STRING, &url, 0, "service location", "URL"},
|
|
{"ca-identifier", 'i', POPT_ARG_STRING, &id, 0, "name to use when querying for capabilities", "IDENTIFIER"},
|
|
{"retrieve-ca-capabilities", 'c', POPT_ARG_NONE, NULL, 'c', "make a GetCACaps request", NULL},
|
|
- {"retrieve-ca-certificates", 'C', POPT_ARG_NONE, NULL, 'C', "make GetCACert/GetCAChain requests", NULL},
|
|
+ {"retrieve-ca-certificates", 'C', POPT_ARG_NONE, NULL, 'C', "make GetCACert request", NULL},
|
|
{"get-initial-cert", 'g', POPT_ARG_NONE, NULL, 'g', "send a PKIOperation pkiMessage", NULL},
|
|
{"pki-message", 'p', POPT_ARG_NONE, NULL, 'p', "send a PKIOperation pkiMessage", NULL},
|
|
{"racert", 'r', POPT_ARG_STRING, NULL, 'r', "the RA certificate, used for encrypting requests", "FILENAME"},
|
|
--
|
|
2.21.1
|
|
|