1pki-ca-kraconnector(P1K)I CA-KRA Connector Management Commanpdksi-ca-kraconnector(1)
2
3
4

NAME

6       pki-ca-kraconnector  -  Command-Line Interface for managing CA-KRA con‐
7       nectors.
8
9

SYNOPSIS

11       pki [CLI options] ca-kraconnector
12       pki [CLI options] ca-kraconnector-show
13       pki [CLI options] ca-kraconnector-add --input-file <input file> | --host <KRA host> --port <KRA port>
14       pki [CLI options] ca-kraconnector-del --host <KRA host> --port <KRA port>
15
16

DESCRIPTION

18       The pki-ca-kraconnector commands  provide  command-line  interfaces  to
19       manage  CA-KRA  connectors.  This command should be applied against CAs
20       only.
21
22       When keys are archived,  the  CA  communicates  with  the  KRA  through
23       authenticated persistent connections called Connectors.  Because the CA
24       initiates the communication, the connector configuration  is  performed
25       on the CA only.  A Connector is automatically configured on the issuing
26       CA whenever a KRA is set up by pkispawn.
27
28       A CA may have only one KRA connector.  This connector can be configured
29       to  talk  to multiple KRAs (for high availability) only if the KRAs are
30       clones.
31
32       pki [CLI options] ca-kraconnector
33           This command is to list available KRA connector commands.
34
35       pki [CLI options] ca-kraconnector-show
36           This command is to view the configuration settings for  the  CA-KRA
37           connector configured on the CA.  These details can be redirected to
38           a file, modified as needed, and used as the input file for the  ca-
39           kraconnector-add command.
40
41       pki [CLI options] ca-kraconnector-add --input-file <input_file>
42           This command is to configure the CA-KRA connector on the CA subsys‐
43           tem.  The input file is an XML document as provided by the  ca-kra‐
44           connector-show command.
45
46           A CA-KRA connector can only be created from an input file only if a
47           connector does not already exist.  If one already exists, it should
48           be removed first.
49
50       pki  [CLI  options]  ca-kraconnector-add  --host <KRA host> --port <KRA
51       Port>
52           This command is to add a host to an existing CA-KRA connector.
53
54       pki [CLI options] ca-kraconnector-del --host  <KRA  Host>  --port  <KRA
55       Port>
56           This command is to delete a host from the CA-KRA connector on a CA.
57           If the last KRA host is removed,  the  connector  configuration  is
58           removed from the CA.
59
60

OPTIONS

62       The CLI options are described in pki(1).
63
64

OPERATIONS

66       To  view available CA-KRA connector commands, type pki ca-kraconnector.
67       To view  each  command's  usage,  type   pki  ca-kraconnector-<command>
68       --help.
69
70       All CA-KRA connector commands must be executed as the CA administrator.
71
72       To retrieve the CA-KRA connector configuration from the CA:
73
74       pki <CA admin authentication> ca-kraconnector-show
75
76       One  of  the  most  common use cases for these commands is to add a KRA
77       clone to an existing CA-KRA connector for high availability.  This  can
78       be done using the pki ca-kraconnector-add command as shown:
79
80       pki  <CA  admin  authentication>  ca-kraconnector-add --host kra2.exam‐
81       ple.com --port 8443
82
83       To delete a KRA clone from the connector:
84
85       pki <CA admin  authentication>  ca-kraconnector-del  --host  kra2.exam‐
86       ple.com --port 8443
87
88

AUTHOR

90       Ade Lee <alee@redhat.com>.
91
92

COPYRIGHT

94       Copyright (c) 2016 Red Hat, Inc. This is licensed under the GNU General
95       Public License, version 2 (GPLv2). A copy of this license is  available
96       at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
97
98
99
100version 10.3                     June 10, 2016          pki-ca-kraconnector(1)