1pki-healthcheck(8) pki-healthcheck CLI pki-healthcheck(8)
2
6 pki-healthcheck - Command-Line Interface to check health of a PKI
7 installation
8
11 pki-healthcheck [CLI-options]
12
15 A PKI installation can be complex, therefore identifying real or poten‐
16 tial issues can be difficult and require a lot of analysis. This tool
17 aims to reduce the burden by attempting to identify issues in advance
18 so that they can be corrected, ideally before the issue becomes criti‐
19 cal.
20 ORGANIZATION
23 The areas of the system to check are logically grouped together. This
24 grouping is called a source. A source consists of one or more checks.
25 A check is as atomic as possible to limit the scope and complexity.
28 Each check will return a result, either a result of WARNING, ERROR,
31 CRITICAL or SUCCESS. Returning SUCCESS tells you that the check was
32 done and was deemed correct.
33 Upon failure, the output will include name of the source and name
36 of the check that detected the failure along with a message and
37 name/value pairs indicating the problem. If a check can't make a final
38 determination, it throws WARNING so that it can be examined.
39
42 COMMANDS
43 --list-sources
44 Display a list of the available sources and the checks associated
45 with those sources.
46 OPTIONAL ARGUMENTS
49 --source=SOURCE
50 Execute one or more checks within this given source.
51 --check=CHECK
54 Execute this particular check within a source. A source must be
55 supplied as well with this option.
56 --output-type=[json|human]
59 Set the output type. Defaults to JSON.
60 --failures-only
63 Exclude SUCCESS results on output.
64 --severity=SEVERITY
67 Only report errors in the requested severity of SUCCESS, WARNING,
68 ERROR or CRITICAL. This can be provided multiple times to search on
69 multiple levels.
70 --debug
73 Generate additional debugging output.
74 JSON OUTPUT
77 The output is displayed as a list of result messages for each check
78 executed in JSON format. This could be input for a monitoring system.
79 --output-file=FILENAME
82 Write the output to this filename rather than stdout.
83 --indent=INDENT
86 Pretty-print the JSON with this indention level. This can make the
87 output more human-readable.
88 HUMAN-READABLE OUTPUT
91 The results are displayed in a more human-readable format.
92 --input-file=FILENAME
95 Take as input a JSON results output and convert it to a more
96 human-readable form.
97
100 0 if all checks were successful
101 1 if any one check failed or the command failed to execute properly
104
107 /etc/pki/healthcheck.conf
108
111 CHECKS INCLUDED
112 Certificate sync between CS.cfg and NSS database
113 Checks whether the system certificates in CS.cfg and NSS database
114 are the same
115 System certificate expiry
118 Checks the expiry status of the installed system certificates
119 System certificate trust flags
122 Checks whether the installed system certificates carry the correct
123 Trust flags
124 Subsystem connectivity check
127 Checks whether a subsystem is running and able to respond to
128 requests
129
132 Execute healthcheck with the default JSON output:
133 pki-healthcheck
134 Execute healthcheck with a prettier JSON output:
137 pki-healthcheck --indent 2
138 Execute healthcheck and only display errors:
141 pki-healthcheck --failures-only
142 Execute healthcheck and display results in human-readable format:
145 pki-healthcheck --output-format human
146 Execute healthcheck and write results to a file:
149 pki-healthcheck --output-file /var/log/pki/healthcheck/results.json
150 Display in the previous report in a human-readable format:
153 pki-healthcheck --output-format human --input-file
154 /var/log/pki/healthcheck/results.json
155
158 Dinesh Prasanth M K <dmoluguw@redhat.com>
159
162 Copyright (c) 2020 Red Hat, Inc. This is licensed under the GNU Gen‐
163 eral Public License, version 2 (GPLv2). A copy of this license is
164 available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
165 ⟨http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt⟩.
166PKI January 16, 2020 pki-healthcheck(8)