+.de IQ
+. br
+. ns
+. IP "\\$1"
+..
.TH ovs\-pki 8 "May 2008" "Open vSwitch" "Open vSwitch Manual"
.SH NAME
.br
\fBovs\-pki\fR \fBfingerprint\fR \fIFILE\fR
.br
-\fBovs\-pki\fR \fBself-sign\fR \fINAME\fR
+\fBovs\-pki\fR \fBself\-sign\fR \fINAME\fR
.sp
The following additional commands manage an online PKI:
.br
The available options are:
.br
[\fB\-k\fR \fItype\fR | \fB\-\^\-key=\fItype\fR]
+.br
[\fB\-B\fR \fInbits\fR | \fB\-\^\-bits=\fInbits\fR]
+.br
[\fB\-D\fR \fIfile\fR | \fB\-\^\-dsaparam=\fIfile\fR]
+.br
[\fB\-b\fR | \fB\-\^\-batch\fR]
+.br
[\fB\-f\fR | \fB\-\^\-force\fR]
+.br
[\fB\-d\fR \fIdir\fR | \fB\-\^\-dir=\fR\fIdir\fR]
+.br
[\fB\-l\fR \fIfile\fR | \fB\-\^\-log=\fIfile\fR]
-[\fB\-h\fR | \fB\-\^\-help\fR]
.br
+[\fB\-h\fR | \fB\-\^\-help\fR]
+.sp
Some options do not apply to every command.
.SH DESCRIPTION
file.
.TP
-\fBself-sign\fR \fINAME\fR
+\fBself\-sign\fR \fINAME\fR
Signs the certificate request named \fINAME\fB\-req.pem\fR using the
-private key \fINAME\fB-privkey.pem\fR, producing a self-signed
+private key \fINAME\fB\-privkey.pem\fR, producing a self-signed
certificate named \fINAME\fB\-cert.pem\fR. The input files should have
been produced with \fBovs\-pki req\fR.
\fIN\fBmin\fR, \fIN\fBh\fR, \fIN\fBday\fR. The default is \fB1day\fR.
.SH OPTIONS
-.TP
-\fB\-k\fR \fItype\fR | \fB\-\^\-key=\fItype\fR
+.IP "\fB\-k\fR \fItype\fR"
+.IQ "\fB\-\^\-key=\fItype\fR"
For the \fBinit\fR command, sets the public key algorithm to use for
the new PKI hierarchy. For the \fBreq\fR and \fBreq+sign\fR commands,
sets the public key algorithm to use for the key to be generated,
The \fItype\fR may be \fBrsa\fR (the default) or \fBdsa\fR.
-.TP
-\fB\-B\fR \fInbits\fR | \fB\-\^\-bits=\fInbits\fR
+.IP "\fB\-B\fR \fInbits\fR"
+.IQ "\fB\-\^\-bits=\fInbits\fR"
Sets the number of bits in the key to be generated. When RSA keys are
in use, this option affects only the \fBinit\fR, \fBreq\fR, and
\fBreq+sign\fR commands, and the same value should be given each time.
The value must be at least 1024. The default is 2048.
-.TP
-\fB\-D\fR \fIfile\fR | \fB\-\^\-dsaparam=\fIfile\fR
+.IP "\fB\-D\fR \fIfile\fR"
+.IQ "\fB\-\^\-dsaparam=\fIfile\fR"
Specifies an alternate location for the \fBdsaparam.pem\fR file
required by the \fBreq\fR and \fBreq+sign\fR commands. This option
affects only these commands, and only when DSA keys are used.
The default is \fBdsaparam.pem\fR under the PKI hierarchy.
-.TP
-\fB\-b\fR | \fB\-\^\-batch\fR
+.IP "\fB\-b\fR"
+.IQ "\fB\-\^\-batch\fR"
Suppresses the interactive verification of fingerprints that the
\fBsign\fR and \fBapprove\fR commands by default require.
-.TP
-\fB\-d\fR \fIdir\fR | \fB\-\^\-dir=\fR\fIdir\fR
+.IP "\fB\-d\fR \fIdir\fR"
+.IQ "\fB\-\^\-dir=\fR\fIdir\fR"
Specifies the location of the PKI hierarchy to be used or created by
the command (default: \fB@PKIDIR@\fR). All commands, except \fBreq\fR,
need access to a PKI hierarchy.
-.TP
-\fB\-f\fR | \fB\-\^\-force\fR
+.IP "\fB\-f\fR"
+.IQ "\fB\-\^\-force\fR"
By default, \fBovs\-pki\fR will not overwrite existing files or
directories. This option overrides this behavior.
-.TP
-\fB\-l\fR \fIfile\fR | \fB\-\^\-log=\fIfile\fR
+.IP "\fB\-l\fR \fIfile\fR"
+.IQ "\fB\-\^\-log=\fIfile\fR"
Sets the log file to \fIfile\fR. Default:
\fB@LOGDIR@/ovs\-pki.log\fR.
-.TP
-\fB\-h\fR | \fB\-\^\-help\fR
+.IP "\fB\-h\fR"
+.IQ "\fB\-\^\-help\fR"
Prints a help usage message and exits.
.SH "SEE ALSO"
-.BR controller (8),
-.BR ovs\-pki\-cgi (8),
-.BR secchan (8)
+.BR ovs\-controller (8),
+.BR ovs\-pki\-cgi (8)