Provided by: pki-ca_11.2.1-2_all bug

NAME

       pki-server-ca - Command-line interface for managing PKI CA.

SYNOPSIS

       pki-server [CLI-options] ca-cert-chain-export [command-options]
       pki-server [CLI-options] ca-cert-request-find [command-options]
       pki-server [CLI-options] ca-cert-request-show [command-options] request-ID
       pki-server [CLI-options] ca-clone-prepare [command-options]
       pki-server [CLI-options] ca-audit-event-find [command-options]
       pki-server [CLI-options] ca-audit-event-enable [command-options] event-ID
       pki-server [CLI-options] ca-audit-event-disable [command-options] event-ID
       pki-server [CLI-options] ca-audit-event-modify [command-options] event-ID
       pki-server [CLI-options] ca-audit-file-find [command-options]
       pki-server [CLI-options] ca-audit-file-verify [command-options]

DESCRIPTION

       The pki-server ca commands provide command-line interfaces to manage PKI CA.

       pki-server [CLI-options] ca [command-options]
           This command is to list available PKI CA management commands.

       pki-server [CLI-options] ca-cert-chain-export [command-options]
           This command is to export CA certificates with chain and keys to PKCS #12 file.
           The output filename and either password or password file are required.

       pki-server [CLI-options] ca-cert-request-find [command-options]
           This command will list all the certificate request in the CA.
           After  specifying  the  certificate file it will search for certificate request in the
       database.
           It accepts certificate without any BEGIN/END CERTIFICATE header/footer.

       pki-server [CLI-options] ca-cert-request-show [command-options] request-ID
           This command is to show the certificate request as per certificate request ID.
           It shows the Request ID, Type, Status and Request (in Base64 format).

       pki-server [CLI-options] ca-clone-prepare [command-options]
           This command exports CA system certificates into a PKCS #12 file with private keys.

       pki-server [CLI-options] ca-audit-event-find [command-options]
           This command list all the audit events which are enabled/disabled.

       pki-server [CLI-options] ca-audit-event-enable [command-options] event-ID
           This command will enable audit events in the CA.

       pki-server [CLI-options] ca-audit-event-disable [command-options] event-ID
           This command will disable audit events in the CA.

       pki-server [CLI-options] ca-audit-event-modify [command-options] event-ID
           This command will modify the event filter for audit events.

       pki-server [CLI-options] ca-audit-file-find [command-options]
           This command lists audit log files generated by the CA.

       pki-server [CLI-options] ca-audit-file-verify [command-options]
           This command will verify whether the signatures in the audit log files are valid.

AUDIT EVENTS

       Logging audit events:

              • AUDIT_LOG_STARTUP

              • AUDIT_LOG_SHUTDOWN

              • AUDIT_LOG_DELETE

              • LOG_PATH_CHANGE

              • LOG_EXPIRATION_CHANGE

              • CONFIG_SIGNED_AUDIT

       Authentication and authorization audit events:

              • AUTHZ

              • AUTH

              • ROLE_ASSUME

              • CONFIG_AUTH

              • CONFIG_ROLE

              • ACCESS_SESSION_ESTABLISH

              • ACCESS_SESSION_TERMINATED

       Key audit events:

              • PRIVATE_KEY_ARCHIVE_REQUEST

              • PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED

              • PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS

              • CONFIG_TRUSTED_PUBLIC_KEY

              • PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE

              • KEY_RECOVERY_REQUEST

              • KEY_RECOVERY_REQUEST_ASYNC

              • KEY_RECOVERY_AGENT_LOGIN

              • KEY_RECOVERY_REQUEST_PROCESSED

              • KEY_RECOVERY_REQUEST_PROCESSED_ASYNC

              • KEY_GEN_ASYMMETRIC

              • COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS

              • COMPUTE_SESSION_KEY_REQUEST

              • COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE

              • DIVERSIFY_KEY_REQUEST

              • DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS

              • DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE

              • SERVER_SIDE_KEYGEN_REQUEST

              • SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS

              • SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE

       CMC audit events:

              • CMC_RESPONSE_SENT

              • CMC_ID_POP_LINK_WITNESS

              • CMC_SIGNED_REQUEST_SIG_VERIFY

              • CMC_PROOF_OF_IDENTIFICATION

              • CMC_REQUEST_RECEIVED

              • CMC_USER_SIGNED_REQUEST_SIG_VERIFY

              • PROOF_OF_POSSESSION

       Profile audit events:

              • CONFIG_CERT_PROFILE

              • CONFIG_CRL_PROFILE

              • CONFIG_OCSP_PROFILE

       Certificate audit events:

              • CERT_SIGNING_INFO

              • CERT_PROFILE_APPROVAL

              • CERT_REQUEST_PROCESSED

              • CERT_STATUS_CHANGE_REQUEST

              • CERT_STATUS_CHANGE_REQUEST_PROCESSED

              • CONFIG_CERT_POLICY

              • PROFILE_CERT_REQUEST

              • CIMC_CERT_VERIFICATION

              • NON_PROFILE_CERT_REQUEST

       ACL audit events:

              • CONFIG_ACL

       OCSP audit events:

              • OCSP_SIGNING_INFO

              • OCSP_GENERATION

       CRL audit events:

              • SCHEDULE_CRL_GENERATION

              • DELTA_CRL_PUBLISHING

              • CRL_VALIDATION

              • CRL_RETRIEVAL

              • CRL_SIGNING_INFO

              • FULL_CRL_GENERATION

              • DELTA_CRL_GENERATION

       Authority audit events:

              • AUTHORITY_CONFIG

              • SECURITY_DOMAIN_UPDATE

              • CONFIG_DRM

       Selftest audit events:

              • SELFTESTS_EXECUTION

       Encryption data audit events:

              • CONFIG_ENCRYPTION

              • ENCRYPT_DATA_REQUEST

              • ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS

              • ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE

              • COMPUTE_RANDOM_DATA_REQUEST

              • COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE

              • COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS

              • SECURITY_DATA_ARCHIVAL_REQUEST

       Serial/random number audit events:

              • INTER_BOUNDARY

              • CONFIG_SERIAL_NUMBER

              • RANDOM_GENERATION

SEE ALSO

       pki-server(8)
           PKI server management commands

AUTHORS

       Amol Kahat <akahat@redhat.com>.

COPYRIGHT

       Copyright (c) 2018 Red Hat, Inc.  This is licensed under the GNU General  Public  License,
       version     2     (GPLv2).     A    copy    of    this    license    is    available    at
       http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.