Provided by: pki-kra_11.0.3-4_all 
NAME
pki-server-kra - Command-line interface for managing PKI KRA.
SYNOPSIS
pki-server [CLI-options] kra-clone-prepare [command-options]
pki-server [CLI-options] kra-audit-event-find [command-options]
pki-server [CLI-options] kra-audit-event-enable [command-options] event-ID
pki-server [CLI-options] kra-audit-event-disable [command-options] event-ID
pki-server [CLI-options] kra-audit-event-modify [command-options] event-ID
pki-server [CLI-options] kra-audit-file-find [command-options]
pki-server [CLI-options] kra-audit-file-verify [command-options]
DESCRIPTION
The pki-server kra commands provide command-line interfaces to manage PKI KRA.
pki-server [CLI-options] kra [command-options]
This command is to list available PKI KRA management commands.
pki-server [CLI-options] kra-clone-prepare [command-options]
This command export KRA system certificates into a PKCS #12 file with private keys.
pki-server [CLI-options] kra-audit-event-find [command-options]
This command list all the audit events which are enabled/disabled.
pki-server [CLI-options] kra-audit-event-enable [command-options] event-ID
This command will enable audit events in the KRA.
pki-server [CLI-options] kra-audit-event-disable [command-options] event-ID
This command will disable audit events in the KRA.
pki-server [CLI-options] kra-audit-event-modify [command-options] event-ID
This command will modify the event filter for audit events.
pki-server [CLI-options] kra-audit-file-find [command-options]
This command lists audit logs generated by the KRA.
pki-server [CLI-options] kra-audit-file-verify [command-options]
This command will verify whether the signatures in the audit log files are valid.
AUDIT EVENTS
Logging audit events:
• AUDIT_LOG_STARTUP
• AUDIT_LOG_SHUTDOWN
• AUDIT_LOG_DELETE
• LOG_PATH_CHANGE
• LOG_EXPIRATION_CHANGE
• CONFIG_SIGNED_AUDIT
Authentication and authorization audit events:
• AUTHZ
• AUTH
• ROLE_ASSUME
• CONFIG_AUTH
• CONFIG_ROLE
• ACCESS_SESSION_ESTABLISH
• ACCESS_SESSION_TERMINATED
Key audit events:
• PRIVATE_KEY_ARCHIVE_REQUEST
• PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
• PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS
• CONFIG_TRUSTED_PUBLIC_KEY
• PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
• KEY_RECOVERY_REQUEST
• KEY_RECOVERY_REQUEST_ASYNC
• KEY_RECOVERY_AGENT_LOGIN
• KEY_RECOVERY_REQUEST_PROCESSED
• KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
• KEY_GEN_ASYMMETRIC
• COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS
• COMPUTE_SESSION_KEY_REQUEST
• COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE
• DIVERSIFY_KEY_REQUEST
• DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS
• DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE
• SERVER_SIDE_KEYGEN_REQUEST
• SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS
• SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE
CMC audit events:
• CMC_RESPONSE_SENT
• CMC_ID_POP_LINK_WITNESS
• CMC_SIGNED_REQUEST_SIG_VERIFY
• CMC_PROOF_OF_IDENTIFICATION
• CMC_REQUEST_RECEIVED
• CMC_USER_SIGNED_REQUEST_SIG_VERIFY
• PROOF_OF_POSSESSION
Profile audit events:
• CONFIG_CERT_PROFILE
• CONFIG_CRL_PROFILE
• CONFIG_OCSP_PROFILE
Certificate audit events:
• CERT_SIGNING_INFO
• CERT_PROFILE_APPROVAL
• CERT_REQUEST_PROCESSED
• CERT_STATUS_CHANGE_REQUEST
• CERT_STATUS_CHANGE_REQUEST_PROCESSED
• CONFIG_CERT_POLICY
• PROFILE_CERT_REQUEST
• CIMC_CERT_VERIFICATION
• NON_PROFILE_CERT_REQUEST
ACL audit events:
• CONFIG_ACL
OCSP audit events:
• OCSP_SIGNING_INFO
• OCSP_GENERATION
CRL audit events:
• SCHEDULE_CRL_GENERATION
• DELTA_CRL_PUBLISHING
• CRL_VALIDATION
• CRL_RETRIEVAL
• CRL_SIGNING_INFO
• FULL_CRL_GENERATION
• DELTA_CRL_GENERATION
Authority audit events:
• AUTHORITY_CONFIG
• SECURITY_DOMAIN_UPDATE
• CONFIG_DRM
Selftest audit events:
• SELFTESTS_EXECUTION
Encryption data audit events:
• CONFIG_ENCRYPTION
• ENCRYPT_DATA_REQUEST
• ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS
• ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE
• COMPUTE_RANDOM_DATA_REQUEST
• COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE
• COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS
• SECURITY_DATA_ARCHIVAL_REQUEST
Serial/random number audit events:
• INTER_BOUNDARY
• CONFIG_SERIAL_NUMBER
• RANDOM_GENERATION
SEE ALSO
pki-server(8)
PKI server management commands
AUTHORS
Amol Kahat <akahat@redhat.com>.
COPYRIGHT
Copyright (c) 2018 Red Hat, Inc. This is licensed under the GNU General Public License,
version 2 (GPLv2). A copy of this license is available at
http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.