1pki-server-kra(8)         PKI KRA Management Commands        pki-server-kra(8)
2
3
4

NAME

6       pki-server-kra - Command-line interface for managing PKI KRA.
7
8

SYNOPSIS

10       pki-server [CLI-options] kra-clone-prepare [command-options]
11       pki-server [CLI-options] kra-audit-event-find [command-options]
12       pki-server   [CLI-options]   kra-audit-event-enable   [command-options]
13       event-ID
14       pki-server  [CLI-options]   kra-audit-event-disable   [command-options]
15       event-ID
16       pki-server   [CLI-options]   kra-audit-event-modify   [command-options]
17       event-ID
18       pki-server [CLI-options] kra-audit-file-find [command-options]
19       pki-server [CLI-options] kra-audit-file-verify [command-options]
20
21

DESCRIPTION

23       The pki-server kra commands provide command-line interfaces  to  manage
24       PKI KRA.
25
26
27       pki-server [CLI-options] kra [command-options]
28           This command is to list available PKI KRA management commands.
29
30
31       pki-server [CLI-options] kra-clone-prepare [command-options]
32           This  command  export  KRA system certificates into a PKCS #12 file
33       with private keys.
34
35
36       pki-server [CLI-options] kra-audit-event-find [command-options]
37           This command list all the audit events which are enabled/disabled.
38
39
40       pki-server   [CLI-options]   kra-audit-event-enable   [command-options]
41       event-ID
42           This command will enable audit events in the KRA.
43
44
45       pki-server   [CLI-options]   kra-audit-event-disable  [command-options]
46       event-ID
47           This command will disable audit events in the KRA.
48
49
50       pki-server   [CLI-options]   kra-audit-event-modify   [command-options]
51       event-ID
52           This command will modify the event filter for audit events.
53
54
55       pki-server [CLI-options] kra-audit-file-find [command-options]
56           This command lists audit logs generated by the KRA.
57
58
59       pki-server [CLI-options] kra-audit-file-verify [command-options]
60           This  command  will  verify whether the signatures in the audit log
61       files are valid.
62
63

AUDIT EVENTS

65       Logging audit events:
66
67
68              · AUDIT_LOG_STARTUP
69
70              · AUDIT_LOG_SHUTDOWN
71
72              · AUDIT_LOG_DELETE
73
74              · LOG_PATH_CHANGE
75
76              · LOG_EXPIRATION_CHANGE
77
78              · CONFIG_SIGNED_AUDIT
79
80
81
82       Authentication and authorization audit events:
83
84
85              · AUTHZ
86
87              · AUTH
88
89              · ROLE_ASSUME
90
91              · CONFIG_AUTH
92
93              · CONFIG_ROLE
94
95              · ACCESS_SESSION_ESTABLISH
96
97              · ACCESS_SESSION_TERMINATED
98
99
100
101       Key audit events:
102
103
104              · PRIVATE_KEY_ARCHIVE_REQUEST
105
106              · PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
107
108              · PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS
109
110              · CONFIG_TRUSTED_PUBLIC_KEY
111
112              · PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
113
114              · KEY_RECOVERY_REQUEST
115
116              · KEY_RECOVERY_REQUEST_ASYNC
117
118              · KEY_RECOVERY_AGENT_LOGIN
119
120              · KEY_RECOVERY_REQUEST_PROCESSED
121
122              · KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
123
124              · KEY_GEN_ASYMMETRIC
125
126              · COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS
127
128              · COMPUTE_SESSION_KEY_REQUEST
129
130              · COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE
131
132              · DIVERSIFY_KEY_REQUEST
133
134              · DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS
135
136              · DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE
137
138              · SERVER_SIDE_KEYGEN_REQUEST
139
140              · SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS
141
142              · SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE
143
144
145
146       CMC audit events:
147
148
149              · CMC_RESPONSE_SENT
150
151              · CMC_ID_POP_LINK_WITNESS
152
153              · CMC_SIGNED_REQUEST_SIG_VERIFY
154
155              · CMC_PROOF_OF_IDENTIFICATION
156
157              · CMC_REQUEST_RECEIVED
158
159              · CMC_USER_SIGNED_REQUEST_SIG_VERIFY
160
161              · PROOF_OF_POSSESSION
162
163
164
165       Profile audit events:
166
167
168              · CONFIG_CERT_PROFILE
169
170              · CONFIG_CRL_PROFILE
171
172              · CONFIG_OCSP_PROFILE
173
174
175
176       Certificate audit events:
177
178
179              · CERT_SIGNING_INFO
180
181              · CERT_PROFILE_APPROVAL
182
183              · CERT_REQUEST_PROCESSED
184
185              · CERT_STATUS_CHANGE_REQUEST
186
187              · CERT_STATUS_CHANGE_REQUEST_PROCESSED
188
189              · CONFIG_CERT_POLICY
190
191              · PROFILE_CERT_REQUEST
192
193              · CIMC_CERT_VERIFICATION
194
195              · NON_PROFILE_CERT_REQUEST
196
197
198
199       ACL audit events:
200
201
202              · CONFIG_ACL
203
204
205
206       OCSP audit events:
207
208
209              · OCSP_SIGNING_INFO
210
211              · OCSP_GENERATION
212
213
214
215       CRL audit events:
216
217
218              · SCHEDULE_CRL_GENERATION
219
220              · DELTA_CRL_PUBLISHING
221
222              · CRL_VALIDATION
223
224              · CRL_RETRIEVAL
225
226              · CRL_SIGNING_INFO
227
228              · FULL_CRL_GENERATION
229
230              · DELTA_CRL_GENERATION
231
232
233
234       Authority audit events:
235
236
237              · AUTHORITY_CONFIG
238
239              · SECURITY_DOMAIN_UPDATE
240
241              · CONFIG_DRM
242
243
244
245       Selftest audit events:
246
247
248              · SELFTESTS_EXECUTION
249
250
251
252       Encryption data audit events:
253
254
255              · CONFIG_ENCRYPTION
256
257              · ENCRYPT_DATA_REQUEST
258
259              · ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS
260
261              · ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE
262
263              · COMPUTE_RANDOM_DATA_REQUEST
264
265              · COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE
266
267              · COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS
268
269              · SECURITY_DATA_ARCHIVAL_REQUEST
270
271
272
273       Serial/random number audit events:
274
275
276              · INTER_BOUNDARY
277
278              · CONFIG_SERIAL_NUMBER
279
280              · RANDOM_GENERATION
281
282
283

SEE ALSO

285       pki-server(8)
286           PKI server management commands
287
288

AUTHORS

290       Amol Kahat lt;akahat@redhat.comgt;.
291
292
294       Copyright (c) 2018 Red Hat, Inc.  This is licensed under the  GNU  Gen‐
295       eral  Public  License,  version  2  (GPLv2).  A copy of this license is
296       available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
297
298
299
300PKI                              Mar 21, 2018                pki-server-kra(8)
Impressum