This patch adds an API call to the ProfileService interface to obtain an enrollment template for a particular profile. The template is simply a CertEnrollmentRequest with the relevant inputs for the profile filled in. The user would then need to simply enter the relevant values and submit the request using the REST API cert-request-submit. I think that someone who is using this interface would do one of two things: 1. Manually edit the template to generate the request. 2. Write client code to add the relevant data to the CertEnrollmentRequest object. In fact, I plan to submit a patch that will extend the pki CLI to allow you to enter the data for a request interactively or through command line arguments. It would go something like this: 1. pki cert-request-submit --profile caCertUser 2. CLI will contact Profile service and get the relevant template which is a CertEnrollmentRequest object. 3. CLI will then iterate through the attributes (which are all uniquely named) and prompt for their value. The descriptor metadata can be used to help generate the prompt. 4. CLI will take these results, populate the CertEnrollmentRequest and send to server. 5. CLI can also take an invocation that looks like this perhaps: pki cert-request-submit --profile caCertUser --profileArgs [--sn_e alee(a)redhat.com --sn_cn "Ade Lee" ... ] so that you can do it all on the command line. Please review. Ade _______________________________________________ Pki-devel mailing list Pki-devel(a)redhat.com https://www.redhat.com/mailman/listinfo/pki-devel