1pki-server-tks(8)         PKI TKS Management Commands        pki-server-tks(8)
2
3
4

NAME

6       pki-server-tks - Command-line interface for managing PKI TKS.
7
8

SYNOPSIS

10       pki-server [CLI-options] tks-clone-prepare [command-options]
11       pki-server [CLI-options] tks-audit-event-find [command-options]
12       pki-server   [CLI-options]   tks-audit-event-enable   [command-options]
13       event-ID
14       pki-server   [CLI-options]   tks-audit-event-modify   [command-options]
15       event-ID
16       pki-server   [CLI-options]   tks-audit-event-disable  [command-options]
17       event-ID
18       pki-server [CLI-options] tks-audit-file-find [command-options]
19       pki-server [CLI-options] tks-audit-file-verify [command-options]
20
21

DESCRIPTION

23       The pki-server tks commands provide command-line interfaces  to  manage
24       PKI TKS.
25
26
27       pki-server [CLI-options] tks [command-options]
28           This command is to list available PKI TKS management commands.
29
30
31       pki-server [CLI-options] tks-clone-prepare [command-options]
32           This  command  export  TKS system certificates into a PKCS #12 file
33       with private keys.
34
35
36       pki-server [CLI-options] tks-audit-event-find [command-options]
37           This command list all the audit events which are enabled/disabled.
38
39
40       pki-server   [CLI-options]   tks-audit-event-enable   [command-options]
41       event-ID
42           This command will enable audit events in the TKS.
43
44
45       pki-server   [CLI-options]   tks-audit-event-disable  [command-options]
46       event-ID
47           This command will disable audit events in the TKS.
48
49
50       pki-server   [CLI-options]   tks-audit-event-modify   [command-options]
51       event-ID
52           This command will modify the event filter for audit events.
53
54
55       pki-server [CLI-options] tks-audit-file-find [command-options]
56           This command lists audit log file generated by the TKS.
57
58
59       pki-server [CLI-options] tks-audit-file-verify [command-options]
60           This  command  will  verify whether the signatures in the audit log
61       files are valid.
62
63

AUDIT EVENTS

65       Logging audit events:
66
67
68              • AUDIT_LOG_STARTUP
69
70              • AUDIT_LOG_SHUTDOWN
71
72              • AUDIT_LOG_DELETE
73
74              • LOG_PATH_CHANGE
75
76              • LOG_EXPIRATION_CHANGE
77
78              • CONFIG_SIGNED_AUDIT
79
80
81
82       Authentication and authorization audit events:
83
84
85              • AUTHZ
86
87              • AUTH
88
89              • ROLE_ASSUME
90
91              • CONFIG_AUTH
92
93              • CONFIG_ROLE
94
95              • ACCESS_SESSION_ESTABLISH
96
97              • ACCESS_SESSION_TERMINATED
98
99
100
101       Key audit events:
102
103
104              • PRIVATE_KEY_ARCHIVE_REQUEST
105
106              • PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
107
108              • PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS
109
110              • CONFIG_TRUSTED_PUBLIC_KEY
111
112              • PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
113
114              • KEY_RECOVERY_REQUEST
115
116              • KEY_RECOVERY_REQUEST_ASYNC
117
118              • KEY_RECOVERY_AGENT_LOGIN
119
120              • KEY_RECOVERY_REQUEST_PROCESSED
121
122              • KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
123
124              • KEY_GEN_ASYMMETRIC
125
126              • COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS
127
128              • COMPUTE_SESSION_KEY_REQUEST
129
130              • COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE
131
132              • DIVERSIFY_KEY_REQUEST
133
134              • DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS
135
136              • DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE
137
138              • SERVER_SIDE_KEYGEN_REQUEST
139
140              • SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS
141
142              • SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE
143
144
145
146       CMC audit events:
147
148
149              • CMC_RESPONSE_SENT
150
151              • CMC_ID_POP_LINK_WITNESS
152
153              • CMC_SIGNED_REQUEST_SIG_VERIFY
154
155              • CMC_PROOF_OF_IDENTIFICATION
156
157              • CMC_REQUEST_RECEIVED
158
159              • CMC_USER_SIGNED_REQUEST_SIG_VERIFY
160
161              • PROOF_OF_POSSESSION
162
163
164
165       Profile audit events:
166
167
168              • CONFIG_CERT_PROFILE
169
170              • CONFIG_CRL_PROFILE
171
172              • CONFIG_OCSP_PROFILE
173
174
175
176       Certificate audit events:
177
178
179              • CERT_SIGNING_INFO
180
181              • CERT_PROFILE_APPROVAL
182
183              • CERT_REQUEST_PROCESSED
184
185              • CERT_STATUS_CHANGE_REQUEST
186
187              • CERT_STATUS_CHANGE_REQUEST_PROCESSED
188
189              • CONFIG_CERT_POLICY
190
191              • PROFILE_CERT_REQUEST
192
193              • CIMC_CERT_VERIFICATION
194
195              • NON_PROFILE_CERT_REQUEST
196
197
198
199       ACL audit events:
200
201
202              • CONFIG_ACL
203
204
205
206       OCSP audit events:
207
208
209              • OCSP_SIGNING_INFO
210
211              • OCSP_GENERATION
212
213
214
215       CRL audit events:
216
217
218              • SCHEDULE_CRL_GENERATION
219
220              • DELTA_CRL_PUBLISHING
221
222              • CRL_VALIDATION
223
224              • CRL_RETRIEVAL
225
226              • CRL_SIGNING_INFO
227
228              • FULL_CRL_GENERATION
229
230              • DELTA_CRL_GENERATION
231
232
233
234       Authority audit events:
235
236
237              • AUTHORITY_CONFIG
238
239              • SECURITY_DOMAIN_UPDATE
240
241              • CONFIG_DRM
242
243
244
245       Selftest audit events:
246
247
248              • SELFTESTS_EXECUTION
249
250
251
252       Encryption data audit events:
253
254
255              • CONFIG_ENCRYPTION
256
257              • ENCRYPT_DATA_REQUEST
258
259              • ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS
260
261              • ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE
262
263              • COMPUTE_RANDOM_DATA_REQUEST
264
265              • COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE
266
267              • COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS
268
269              • SECURITY_DATA_ARCHIVAL_REQUEST
270
271
272
273       Serial/random number audit events:
274
275
276              • INTER_BOUNDARY
277
278              • CONFIG_SERIAL_NUMBER
279
280              • RANDOM_GENERATION
281
282
283

SEE ALSO

285       pki-server(8)
286           PKI server management commands
287
288

AUTHORS

290       Amol Kahat <akahat@redhat.com>.
291
292

294       Copyright (c) 2018 Red Hat, Inc.  This is licensed under the  GNU  Gen‐
295       eral  Public  License,  version  2  (GPLv2).  A copy of this license is
296       available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
297
298
299
300PKI                              Mar 21, 2018                pki-server-tks(8)
Impressum