Re: [Pki-devel] [PATCH] CMCEnroll man page + (proposed) HEADER/FOOTER changes

2016-08-19 Thread John Magne 
ACK with a couple of caveats to fix:

Comments:


SYNOPSIS
   CMCEnroll  -d  -n 
 -r 
   -p 

The -d entry might be a little misleading. I think just saying this is a 
directory with the NSS db containing the agent cert should clarify.


  (4) Submit the signed certificate through the CA end-entities page:

  (a) Open the end-entities page.

This one I think should be "Submit the signed certificate request" 


That's it




- Original Message -
From: "Matthew Harmsen" 
To: "pki-devel" 
Sent: Thursday, August 18, 2016 5:46:15 PM
Subject: [Pki-devel] [PATCH] CMCEnroll man page + (proposed) HEADER/FOOTER  
changes



Please review the following patches which add a CMCEnroll man page AND proposes 
code changes to the command line tools to allow them to used the preferred RFC 
7468 HEADERS and TRAILERS (see https://www.rfc-editor.org/rfc/rfc7468.txt ): 

* PKI TRAC Ticket #690 - [MAN] pki-tools man pages 
* PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements 


The first patch contains all of the code changes, and the second patch simply 
contains the associated spec file change. 

___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel

___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel

[Pki-devel] [PATCH] CMCEnroll man page + (proposed) HEADER/FOOTER changes

2016-08-18 Thread Matthew Harmsen 
Please review the following patches which add a CMCEnroll man page AND 
proposes code changes to the command line tools to allow them to used 
the preferred RFC 7468 HEADERS and TRAILERS (see 
https://www.rfc-editor.org/rfc/rfc7468.txt):


 * PKI TRAC Ticket #690 - [MAN] pki-tools man pages
   
 * PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements
   

The first patch contains all of the code changes, and the second patch 
simply contains the associated spec file change.


From ebfb6a5c8288f87e7fbd2d4650afc2e7383f6865 Mon Sep 17 00:00:00 2001
From: Matthew Harmsen 
Date: Thu, 18 Aug 2016 18:31:42 -0600
Subject: [PATCH] pki-tools CMCEnroll man page plus HEADER/FOOTER changes

* PKI TRAC Ticket #690 - [MAN] pki-tools man pages
  - CMCEnroll
* PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements
---
 base/java-tools/man/man1/CMCEnroll.1   | 570 +
 .../src/com/netscape/cmstools/CMCEnroll.java   |  13 +-
 .../src/com/netscape/cmstools/CMCRequest.java  |   4 +-
 .../src/com/netscape/cmstools/CMCRevoke.java   |  11 +-
 .../src/com/netscape/cmstools/CRMFPopClient.java   |   8 +-
 .../src/com/netscape/cmstools/PKCS10Client.java|  11 +-
 6 files changed, 599 insertions(+), 18 deletions(-)
 create mode 100644 base/java-tools/man/man1/CMCEnroll.1

diff --git a/base/java-tools/man/man1/CMCEnroll.1 b/base/java-tools/man/man1/CMCEnroll.1
new file mode 100644
index 000..405a1af
--- /dev/null
+++ b/base/java-tools/man/man1/CMCEnroll.1
@@ -0,0 +1,570 @@
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH CMCEnroll 1 "July 20, 2016" "version 10.3" "PKI CMC Enrollment Tool" Dogtag Team
+.\" Please adjust this date whenever revising the man page.
+.\"
+.\" Some roff macros, for reference:
+.\" .nhdisable hyphenation
+.\" .hyenable hyphenation
+.\" .ad l  left justify
+.\" .ad b  justify to both left and right margins
+.\" .nfdisable filling
+.\" .fienable filling
+.\" .brinsert line break
+.\" .sp insert n+1 empty lines
+.\" for man page specific macros, see man(7)
+.SH NAME
+CMCEnroll \- Used to sign a certificate request with an agent's certificate.
+
+.SH SYNOPSIS
+.PP
+\fBCMCEnroll -d  -n  -r  -p \fP
+
+.SH DESCRIPTION
+.PP
+The Certificate Management over Cryptographic Message Syntax (CMC) Enrollment utility, \fBCMCEnroll\fP, provides a command-line utility used to sign a certificate request with an agent's certificate. This can be used in conjunction with the CA end-entity CMC Enrollment form to sign and enroll certificates for users.
+.PP
+\fBCMCEnroll\fP takes a standard PKCS #10 certificate request and signs it with an agent certificate. The output is also a certificate request which can be submitted through the appropriate profile.
+
+.SH OPTIONS
+.PP
+The following parameters are mandatory:
+.PP
+\fBNote:\fP
+Surround values that include spaces with quotation marks.
+.TP
+.B -d 
+The directory containing the \fBcert8.db\fP, \fBkey3.db\fP, and \fBsecmod.db\fP files associated with the agent certificate. This is usually the agent's personal directory, such as their browser certificate database in the home directory.
+
+.TP
+.B -n 
+The nickname of the agent certificate that is used to sign the request.
+
+.TP
+.B -r 
+The filename of the certificate request.
+
+.TP
+.B -p 
+The password to the NSS certificate database which contains the agent certificate, given in \fB-d \fP.
+
+.SH EXAMPLES
+.PP
+Signed requests must be submitted to the CA to be processed.
+.PP
+\fBNote:\fP For this example to work automatically, the \fBCMCAuth\fP plug-in must be enabled on the CA server (which it is by default).
+.TP
+(1) Create a PKCS #10 certificate request using a tool like \fBcertutil\fP:
+.IP
+.nf
+# cd ~/.mozilla/firefox/
+
+# certutil -d . -L
+Certificate Nickname Trust Attributes
+ SSL,S/MIME,JAR/XPI
+
+Google Internet Authority G2 ,,   
+COMODO RSA Domain Validation Secure Server CA,,   
+pki.example.com  ,,   
+DigiCert SHA2 Secure Server CA   ,,   
+DigiCert SHA2 Extended Validation Server CA  ,,   
+COMODO RSA Extended Validation Secure Server CA 2,,   
+Symantec Class 3 Secure Server CA - G4   ,,   
+Go Daddy Secure Certificate Authority - G2   ,,   
+Oracle SSL CA - G2   ,,   
+GeoTrust EV SSL CA - G4  ,,   
+Symantec Class 3 Secure Server SHA256 SSL CA ,,   
+GeoTrust SSL CA - G3