1pki-server-subsystem(8) PKI Subsystem Commands pki-server-subsystem(8)
2
3
4
6 pki-server-subsystem - Command-line interface for managing PKI subsys‐
7 tems.
8
9
11 pki-server [CLI-options] subsystem
12 pki-server [CLI-options] subsystem-find
13 pki-server [CLI-options] subsystem-show subsystem-ID
14 pki-server [CLI-options] subsystem-enable subsystem-ID
15 pki-server [CLI-options] subsystem-disable subsystem-ID
16 pki-server [CLI-options] subsystem-cert-find subsystem-ID
17 pki-server [CLI-options] subsystem-cert-show subsystem-ID cert-ID
18 pki-server [CLI-options] subsystem-cert-export subsystem-ID cert-ID
19 pki-server [CLI-options] subsystem-cert-update subsystem-ID cert-ID
20
21
23 The pki-server subsystem commands provide command-line interfaces to
24 manage PKI subsystems. A PKI server instance consists of a single
25 Apache Tomcat instance that contains one or more PKI subsystems. Valid
26 subsystem identifiers are ca, kra, tks, ocsp and tps. No instance may
27 have more than one of each type of subsystem.
28
29
30 pki-server subsystem commands perform operations on a specific subsys‐
31 tem within a PKI server instance. Consequently, all pki-server subsys‐
32 tem commands require specification of the instance ID to completely
33 identify the target subsystem.
34
35
36 Operations that are available include: listing subsystems in an in‐
37 stance; showing details about a subsystem; and enabling and disabling
38 subsystems.
39
40
41 pki-server [CLI-options] subsystem
42 This command is to list available subsystem commands.
43
44
45 pki-server [CLI-options] subsystem-find
46 This command is to list subsystems within a specific instance.
47
48
49 pki-server [CLI-options] subsystem-show subsystem-ID
50 This command is to view the details about a particular subsystem.
51
52
53 pki-server [CLI-options] subsystem-enable subsystem-ID
54 This command is to enable a particular subsystem.
55 Each subsystem consists of a web application within the Apache Tom‐
56 cat instance.
57 Enabling a subsystem means deploying the web application so that
58 the application initializes
59 and is accessible via the HTTP and HTTPS ports for the Apache Tom‐
60 cat instance.
61
62
63 Note: Each subsystem runs a set of self-tests on startup. If these
64 self-tests fail, the subsystem will be disabled by undeploying the web
65 application. The deployment status (enabled/disabled) of the subsystem
66 can be determined from the output of pki-server subsystem-show. Once
67 the underlying problem is fixed, the subsystem should be re-enabled us‐
68 ing pki-server subsystem-enable.
69
70
71 pki-server [CLI-options] subsystem-disable subsystem-ID
72 This command is to disable a subsystem by undeploying the web ap‐
73 plication corresponding to the subsystem.
74 The subsystem will no longer be accessible through the web inter‐
75 faces.
76 This is useful when specific subsystems need to be made inaccessi‐
77 ble for maintenance
78 as Apache Tomcat allows web applications to be deployed/undeployed
79 while the instance is still running (hot deployment).
80
81
82 pki-server [CLI-options] subsystem-cert-find subsystem-ID
83 This command is to list system certificates in a particular subsys‐
84 tem.
85
86
87 pki-server [CLI-options] subsystem-cert-show subsystem-ID cert-ID
88 This command is to view the details about a system certificate in a
89 particular subsystem.
90
91
92 pki-server [CLI-options] subsystem-cert-export subsystem-ID cert-ID
93 This command is to export a system certificate in a particular sub‐
94 system.
95
96
97 pki-server [CLI-options] subsystem-cert-update subsystem-ID cert-ID
98 This command is to update a system certificate in a particular sub‐
99 system.
100
101
103 The CLI options are described in pki-server(8).
104
105
107 To view available subsystem management commands, type pki-server sub‐
108 system. To view each command's usage, type pki-server subsys‐
109 tem-<command> --help.
110
111
113 Ade Lee <alee@redhat.com>
114
115
117 Copyright (c) 2015 Red Hat, Inc. This is licensed under the GNU Gen‐
118 eral Public License, version 2 (GPLv2). A copy of this license is
119 available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
120
121
122
123PKI July 15, 2015 pki-server-subsystem(8)