pki-ca-kraconnector(1)  PKI CA-KRA Connector Management Commands  pki-ca-kraconnector(1)

NAME

       pki-ca-kraconnector - Command-line interface for managing CA-KRA connectors.

SYNOPSIS

       pki [CLI-options] ca-kraconnector
       pki [CLI-options] ca-kraconnector-show
       pki [CLI-options] ca-kraconnector-add --input-file input-file
       pki [CLI-options] ca-kraconnector-add --host KRA-host --port KRA-port
       pki [CLI-options] ca-kraconnector-del --host KRA-host --port KRA-port

DESCRIPTION

       The pki-ca-kraconnector commands provide command-line interfaces to
       manage CA-KRA connectors.  These commands should be applied against
       CAs only.

       When keys are archived, the CA communicates with the KRA through
       authenticated persistent connections called Connectors.  Because the CA
       initiates the communication, the connector configuration is performed
       on the CA only.  A Connector is automatically configured on the issuing
       CA whenever a KRA is set up by pkispawn.

       A CA may have only one KRA connector.  This connector can be configured
       to talk to multiple KRAs (for high availability) only if the KRAs are
       clones.
35
       pki [CLI-options] ca-kraconnector
           This command lists the available KRA connector commands.

       pki [CLI-options] ca-kraconnector-show
           This command displays the configuration settings for the CA-KRA
           connector configured on the CA.
           These details can be redirected to a file, modified as needed, and
           used as the input file for the ca-kraconnector-add command.

       pki [CLI-options] ca-kraconnector-add --input-file input-file
           This command configures the CA-KRA connector on the CA subsystem.
           The input file is an XML document as provided by the pki
           ca-kraconnector-show command.
           A CA-KRA connector can be created from an input file only if a
           connector does not already exist.
           If one already exists, it should be removed first.

       pki [CLI-options] ca-kraconnector-add --host KRA-host --port KRA-port
           This command adds a host to an existing CA-KRA connector.

       pki [CLI-options] ca-kraconnector-del --host KRA-host --port KRA-port
           This command deletes a host from the CA-KRA connector on a CA.
           If the last KRA host is removed, the connector configuration is
           removed from the CA.

OPTIONS

       The CLI options are described in pki(1).

OPERATIONS

       To view available CA-KRA connector commands, type pki ca-kraconnector.
       To view each command's usage, type pki ca-kraconnector-<command> --help.

       All CA-KRA connector commands must be executed as the CA administrator.

       To retrieve the CA-KRA connector configuration from the CA:

              $ pki <CA admin authentication> ca-kraconnector-show

       One of the most common use cases for these commands is to add a KRA
       clone to an existing CA-KRA connector for high availability.  This can
       be done using the pki ca-kraconnector-add command as shown:

              $ pki <CA admin authentication> ca-kraconnector-add --host kra2.example.com --port 8443

       To delete a KRA clone from the connector:

              $ pki <CA admin authentication> ca-kraconnector-del --host kra2.example.com --port 8443
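
       The replace-from-file procedure described under ca-kraconnector-add
       --input-file (save with ca-kraconnector-show, remove the existing
       connector, add from the edited file), as an added shell example that is
       not part of the original manual page or of the PKI project.  The
       function name, the PKI_AUTH variable standing in for <CA admin
       authentication>, and the HOST:PORT argument form are assumptions.

```shell
#!/bin/sh
# Added example, not from the PKI project. PKI_AUTH stands in for the
# "<CA admin authentication>" options and is an assumption of this sketch.

# replace_kra_connector INPUT_FILE BACKUP_FILE HOST:PORT...
# HOST:PORT must list every KRA host on the current connector, because the
# connector is only removed once its last host is deleted.
replace_kra_connector() {
    [ "$#" -ge 3 ] || {
        echo "usage: replace_kra_connector INPUT BACKUP HOST:PORT..." >&2
        return 2
    }
    input_file=$1
    backup=$2
    shift 2
    [ -r "$input_file" ] || { echo "cannot read $input_file" >&2; return 1; }

    # 1. Save the current configuration before touching anything.
    # $PKI_AUTH is intentionally unquoted so it splits into separate options.
    pki $PKI_AUTH ca-kraconnector-show > "$backup" || return 1
    [ -s "$backup" ] || { echo "empty backup, aborting" >&2; return 1; }

    # 2. Delete each host; removing the last one removes the connector.
    for hp in "$@"; do
        host=${hp%:*}
        port=${hp##*:}
        pki $PKI_AUTH ca-kraconnector-del --host "$host" --port "$port" || return 1
    done

    # 3. Create the connector from the edited file; on failure, put the
    # saved configuration back so key archival is not left unconfigured.
    if ! pki $PKI_AUTH ca-kraconnector-add --input-file "$input_file"; then
        echo "add failed, restoring $backup" >&2
        pki $PKI_AUTH ca-kraconnector-add --input-file "$backup" ||
            echo "restore failed, connector is missing" >&2
        return 1
    fi
}
```

       Between steps 2 and 3 the CA has no KRA connector, so run this when no
       key archival requests are expected.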

AUTHOR

       Ade Lee <alee@redhat.com>.

       Copyright (c) 2016 Red Hat, Inc.  This is licensed under the GNU General
       Public License, version 2 (GPLv2).  A copy of this license is
       available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.

PKI                              June 10, 2016          pki-ca-kraconnector(1)