1pki-server-ca(8) PKI CA Management Commands pki-server-ca(8)
2
6 pki-server-ca - Command-line interface for managing PKI CA.
7
10 pki-server [CLI-options] ca-cert-chain-export [command-options]
11 pki-server [CLI-options] ca-cert-request-find [command-options]
12 pki-server [CLI-options] ca-cert-request-show [command-options] re‐
13 quest-ID
14 pki-server [CLI-options] ca-clone-prepare [command-options]
15 pki-server [CLI-options] ca-audit-event-find [command-options]
16 pki-server [CLI-options] ca-audit-event-enable [command-options] event-
17 ID
18 pki-server [CLI-options] ca-audit-event-disable [command-options]
19 event-ID
20 pki-server [CLI-options] ca-audit-event-modify [command-options] event-
21 ID
22 pki-server [CLI-options] ca-audit-file-find [command-options]
23 pki-server [CLI-options] ca-audit-file-verify [command-options]
24
27 The pki-server ca commands provide command-line interfaces to manage
28 PKI CA.
29 pki-server [CLI-options] ca [command-options]
32 This command is to list available PKI CA management commands.
33 pki-server [CLI-options] ca-cert-chain-export [command-options]
36 This command is to export CA certificates with chain and keys to
37 PKCS #12 file.
38 The output filename and either password or password file are re‐
39 quired.
40 pki-server [CLI-options] ca-cert-request-find [command-options]
43 This command will list all the certificate request in the CA.
44 After specifying the certificate file it will search for certifi‐
45 cate request in the database.
46 It accepts certificate without any BEGIN/END CERTIFICATE
47 header/footer.
48 pki-server [CLI-options] ca-cert-request-show [command-options] re‐
51 quest-ID
52 This command is to show the certificate request as per certificate
53 request ID.
54 It shows the Request ID, Type, Status and Request (in Base64 for‐
55 mat).
56 pki-server [CLI-options] ca-clone-prepare [command-options]
59 This command exports CA system certificates into a PKCS #12 file
60 with private keys.
61 pki-server [CLI-options] ca-audit-event-find [command-options]
64 This command list all the audit events which are enabled/disabled.
65 pki-server [CLI-options] ca-audit-event-enable [command-options] event-
68 ID
69 This command will enable audit events in the CA.
70 pki-server [CLI-options] ca-audit-event-disable [command-options]
73 event-ID
74 This command will disable audit events in the CA.
75 pki-server [CLI-options] ca-audit-event-modify [command-options] event-
78 ID
79 This command will modify the event filter for audit events.
80 pki-server [CLI-options] ca-audit-file-find [command-options]
83 This command lists audit log files generated by the CA.
84 pki-server [CLI-options] ca-audit-file-verify [command-options]
87 This command will verify whether the signatures in the audit log
88 files are valid.
89
92 Logging audit events:
93 • AUDIT_LOG_STARTUP
96 • AUDIT_LOG_SHUTDOWN
98 • AUDIT_LOG_DELETE
100 • LOG_PATH_CHANGE
102 • LOG_EXPIRATION_CHANGE
104 • CONFIG_SIGNED_AUDIT
106 Authentication and authorization audit events:
110 • AUTHZ
113 • AUTH
115 • ROLE_ASSUME
117 • CONFIG_AUTH
119 • CONFIG_ROLE
121 • ACCESS_SESSION_ESTABLISH
123 • ACCESS_SESSION_TERMINATED
125 Key audit events:
129 • PRIVATE_KEY_ARCHIVE_REQUEST
132 • PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
134 • PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS
136 • CONFIG_TRUSTED_PUBLIC_KEY
138 • PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
140 • KEY_RECOVERY_REQUEST
142 • KEY_RECOVERY_REQUEST_ASYNC
144 • KEY_RECOVERY_AGENT_LOGIN
146 • KEY_RECOVERY_REQUEST_PROCESSED
148 • KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
150 • KEY_GEN_ASYMMETRIC
152 • COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS
154 • COMPUTE_SESSION_KEY_REQUEST
156 • COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE
158 • DIVERSIFY_KEY_REQUEST
160 • DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS
162 • DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE
164 • SERVER_SIDE_KEYGEN_REQUEST
166 • SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS
168 • SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE
170 CMC audit events:
174 • CMC_RESPONSE_SENT
177 • CMC_ID_POP_LINK_WITNESS
179 • CMC_SIGNED_REQUEST_SIG_VERIFY
181 • CMC_PROOF_OF_IDENTIFICATION
183 • CMC_REQUEST_RECEIVED
185 • CMC_USER_SIGNED_REQUEST_SIG_VERIFY
187 • PROOF_OF_POSSESSION
189 Profile audit events:
193 • CONFIG_CERT_PROFILE
196 • CONFIG_CRL_PROFILE
198 • CONFIG_OCSP_PROFILE
200 Certificate audit events:
204 • CERT_SIGNING_INFO
207 • CERT_PROFILE_APPROVAL
209 • CERT_REQUEST_PROCESSED
211 • CERT_STATUS_CHANGE_REQUEST
213 • CERT_STATUS_CHANGE_REQUEST_PROCESSED
215 • CONFIG_CERT_POLICY
217 • PROFILE_CERT_REQUEST
219 • CIMC_CERT_VERIFICATION
221 • NON_PROFILE_CERT_REQUEST
223 ACL audit events:
227 • CONFIG_ACL
230 OCSP audit events:
234 • OCSP_SIGNING_INFO
237 • OCSP_GENERATION
239 CRL audit events:
243 • SCHEDULE_CRL_GENERATION
246 • DELTA_CRL_PUBLISHING
248 • CRL_VALIDATION
250 • CRL_RETRIEVAL
252 • CRL_SIGNING_INFO
254 • FULL_CRL_GENERATION
256 • DELTA_CRL_GENERATION
258 Authority audit events:
262 • AUTHORITY_CONFIG
265 • SECURITY_DOMAIN_UPDATE
267 • CONFIG_DRM
269 Selftest audit events:
273 • SELFTESTS_EXECUTION
276 Encryption data audit events:
280 • CONFIG_ENCRYPTION
283 • ENCRYPT_DATA_REQUEST
285 • ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS
287 • ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE
289 • COMPUTE_RANDOM_DATA_REQUEST
291 • COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE
293 • COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS
295 • SECURITY_DATA_ARCHIVAL_REQUEST
297 Serial/random number audit events:
301 • INTER_BOUNDARY
304 • CONFIG_SERIAL_NUMBER
306 • RANDOM_GENERATION
308
312 pki-server(8)
313 PKI server management commands
314
317 Amol Kahat <akahat@redhat.com>.
318
321 Copyright (c) 2018 Red Hat, Inc. This is licensed under the GNU Gen‐
322 eral Public License, version 2 (GPLv2). A copy of this license is
323 available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
324PKI Mar 21, 2018 pki-server-ca(8)