Provided by: pki-tools_10.6.0-1ubuntu2_amd64
pki-ca-kraconnector - Command-Line Interface for managing CA-KRA connectors.
pki [CLI options] ca-kraconnector pki [CLI options] ca-kraconnector-show pki [CLI options] ca-kraconnector-add --input-file <input file> | --host <KRA host> --port <KRA port> pki [CLI options] ca-kraconnector-del --host <KRA host> --port <KRA port>
The pki-ca-kraconnector commands provide command-line interfaces to manage CA-KRA connectors. This command should be applied against CAs only. When keys are archived, the CA communicates with the KRA through authenticated persistent connections called Connectors. Because the CA initiates the communication, the connector configuration is performed on the CA only. A Connector is automatically configured on the issuing CA whenever a KRA is set up by pkispawn. A CA may have only one KRA connector. This connector can be configured to talk to multiple KRAs (for high availability) only if the KRAs are clones. pki [CLI options] ca-kraconnector This command is to list available KRA connector commands. pki [CLI options] ca-kraconnector-show This command is to view the configuration settings for the CA-KRA connector configured on the CA. These details can be redirected to a file, modified as needed, and used as the input file for the ca-kraconnector-add command. pki [CLI options] ca-kraconnector-add --input-file <input_file> This command is to configure the CA-KRA connector on the CA subsystem. The input file is an XML document as provided by the ca-kraconnector-show command. A CA-KRA connector can only be created from an input file only if a connector does not already exist. If one already exists, it should be removed first. pki [CLI options] ca-kraconnector-add --host <KRA host> --port <KRA Port> This command is to add a host to an existing CA-KRA connector. pki [CLI options] ca-kraconnector-del --host <KRA Host> --port <KRA Port> This command is to delete a host from the CA-KRA connector on a CA. If the last KRA host is removed, the connector configuration is removed from the CA.
The CLI options are described in pki(1).
To view available CA-KRA connector commands, type pki ca-kraconnector. To view each command's usage, type pki ca-kraconnector-<command> --help. All CA-KRA connector commands must be executed as the CA administrator. To retrieve the CA-KRA connector configuration from the CA: pki <CA admin authentication> ca-kraconnector-show One of the most common use cases for these commands is to add a KRA clone to an existing CA-KRA connector for high availability. This can be done using the pki ca-kraconnector- add command as shown: pki <CA admin authentication> ca-kraconnector-add --host kra2.example.com --port 8443 To delete a KRA clone from the connector: pki <CA admin authentication> ca-kraconnector-del --host kra2.example.com --port 8443
Ade Lee <firstname.lastname@example.org>.
Copyright (c) 2016 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old- licenses/gpl-2.0.txt.