1pki-healthcheck(8)            pki-healthcheck CLI           pki-healthcheck(8)
2
3
4

NAME

6       pki-healthcheck  -  Command-Line Interface to check health of a PKI in‐
7       stallation
8
9

SYNOPSIS

11       pki-healthcheck [CLI-options]
12
13

DESCRIPTION

15       A PKI installation can be complex, therefore identifying real or poten‐
16       tial  issues  can be difficult and require a lot of analysis. This tool
17       aims to reduce the burden by attempting to identify issues  in  advance
18       so  that they can be corrected, ideally before the issue becomes criti‐
19       cal.
20
21
22   ORGANIZATION
23       The areas of the system to check are logically grouped  together.  This
24       grouping is called a source. A source consists of one or more checks.
25
26
27       A check is as atomic as possible to limit the scope and complexity.
28
29
30       Each  check  will  return  a result, either a result of WARNING, ERROR,
31       CRITICAL or SUCCESS. Returning SUCCESS tells you  that  the  check  was
32       done and was deemed correct.
33
34
35       Upon   failure,   the  output  will include name of the source and name
36       of the check that  detected  the  failure  along  with  a  message  and
37       name/value  pairs indicating the problem. If a check can't make a final
38       determination, it throws WARNING so that it can be examined.
39
40

OPTIONS

42   COMMANDS
43       --list-sources
44           Display a list of the available sources and the  checks  associated
45       with those sources.
46
47
48   OPTIONAL ARGUMENTS
49       --source=SOURCE
50           Execute one or more checks within this given source.
51
52
53       --check=CHECK
54           Execute  this  particular  check  within a source. A source must be
55       supplied as well with this option.
56
57
58       --output-type=[json|human]
59           Set the output type. Defaults to JSON.
60
61
62       --failures-only
63           Exclude SUCCESS results on output.
64
65
66       --severity=SEVERITY
67           Only report errors in the requested severity of  SUCCESS,  WARNING,
68       ERROR  or  CRITICAL.  This  can be provided multiple times to search on
69       multiple levels.
70
71
72       --debug
73           Generate additional debugging output.
74
75
76   JSON OUTPUT
77       The output is displayed as a list of result messages for each check ex‐
78       ecuted in JSON format. This could be input for a monitoring system.
79
80
81       --output-file=FILENAME
82           Write the output to this filename rather than stdout.
83
84
85       --indent=INDENT
86           Pretty-print  the JSON with this indention level. This can make the
87       output more human-readable.
88
89
90   HUMAN-READABLE OUTPUT
91       The results are displayed in a more human-readable format.
92
93
94       --input-file=FILENAME
95           Take as input a JSON results output and convert it to a more human-
96       readable form.
97
98

EXIT STATUS

100       0 if all checks were successful
101
102
103       1 if any one check failed or the command failed to execute properly
104
105

FILES

107       /etc/pki/healthcheck.conf
108
109

NOTES

111   CHECKS INCLUDED
112       Certificate sync between CS.cfg and NSS database
113           Checks  whether  the system certificates in CS.cfg and NSS database
114       are the same
115
116
117       System certificate expiry
118           Checks the expiry status of the installed system certificates
119
120
121       System certificate trust flags
122           Checks whether the installed system certificates carry the  correct
123       Trust flags
124
125
126       Subsystem connectivity check
127           Checks  whether  a  subsystem is running and able to respond to re‐
128       quests
129
130

EXAMPLES

132       Execute healthcheck with the default JSON output:
133       pki-healthcheck
134
135
136       Execute healthcheck with a prettier JSON output:
137       pki-healthcheck --indent 2
138
139
140       Execute healthcheck and only display errors:
141       pki-healthcheck --failures-only
142
143
144       Execute healthcheck and display results in human-readable format:
145       pki-healthcheck --output-format human
146
147
148       Execute healthcheck and write results to a file:
149       pki-healthcheck --output-file /var/log/pki/healthcheck/results.json
150
151
152       Display in the previous report in a human-readable format:
153       pki-healthcheck        --output-format        human        --input-file
154       /var/log/pki/healthcheck/results.json
155
156

AUTHORS

158       Dinesh Prasanth M K <dmoluguw@redhat.com>
159
160
162       Copyright  (c)  2020 Red Hat, Inc.  This is licensed under the GNU Gen‐
163       eral Public License, version 2 (GPLv2).  A  copy  of  this  license  is
164       available     at   http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
165http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt⟩.
166
167
168
169PKI                            January 16, 2020             pki-healthcheck(8)
Impressum