Provided by: pki-tks_11.2.1-2_all bug

NAME

       pki-server-tks - Command-line interface for managing PKI TKS.

SYNOPSIS

       pki-server [CLI-options] tks-clone-prepare [command-options]
       pki-server [CLI-options] tks-audit-event-find [command-options]
       pki-server [CLI-options] tks-audit-event-enable [command-options] event-ID
       pki-server [CLI-options] tks-audit-event-modify [command-options] event-ID
       pki-server [CLI-options] tks-audit-event-disable [command-options] event-ID
       pki-server [CLI-options] tks-audit-file-find [command-options]
       pki-server [CLI-options] tks-audit-file-verify [command-options]

DESCRIPTION

       The pki-server tks commands provide command-line interfaces to manage PKI TKS.

       pki-server [CLI-options] tks [command-options]
           This command is to list available PKI TKS management commands.

       pki-server [CLI-options] tks-clone-prepare [command-options]
           This command export TKS system certificates into a PKCS #12 file with private keys.

       pki-server [CLI-options] tks-audit-event-find [command-options]
           This command list all the audit events which are enabled/disabled.

       pki-server [CLI-options] tks-audit-event-enable [command-options] event-ID
           This command will enable audit events in the TKS.

       pki-server [CLI-options] tks-audit-event-disable [command-options] event-ID
           This command will disable audit events in the TKS.

       pki-server [CLI-options] tks-audit-event-modify [command-options] event-ID
           This command will modify the event filter for audit events.

       pki-server [CLI-options] tks-audit-file-find [command-options]
           This command lists audit log file generated by the TKS.

       pki-server [CLI-options] tks-audit-file-verify [command-options]
           This command will verify whether the signatures in the audit log files are valid.

AUDIT EVENTS

       Logging audit events:

              • AUDIT_LOG_STARTUP

              • AUDIT_LOG_SHUTDOWN

              • AUDIT_LOG_DELETE

              • LOG_PATH_CHANGE

              • LOG_EXPIRATION_CHANGE

              • CONFIG_SIGNED_AUDIT

       Authentication and authorization audit events:

              • AUTHZ

              • AUTH

              • ROLE_ASSUME

              • CONFIG_AUTH

              • CONFIG_ROLE

              • ACCESS_SESSION_ESTABLISH

              • ACCESS_SESSION_TERMINATED

       Key audit events:

              • PRIVATE_KEY_ARCHIVE_REQUEST

              • PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED

              • PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS

              • CONFIG_TRUSTED_PUBLIC_KEY

              • PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE

              • KEY_RECOVERY_REQUEST

              • KEY_RECOVERY_REQUEST_ASYNC

              • KEY_RECOVERY_AGENT_LOGIN

              • KEY_RECOVERY_REQUEST_PROCESSED

              • KEY_RECOVERY_REQUEST_PROCESSED_ASYNC

              • KEY_GEN_ASYMMETRIC

              • COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS

              • COMPUTE_SESSION_KEY_REQUEST

              • COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE

              • DIVERSIFY_KEY_REQUEST

              • DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS

              • DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE

              • SERVER_SIDE_KEYGEN_REQUEST

              • SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS

              • SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE

       CMC audit events:

              • CMC_RESPONSE_SENT

              • CMC_ID_POP_LINK_WITNESS

              • CMC_SIGNED_REQUEST_SIG_VERIFY

              • CMC_PROOF_OF_IDENTIFICATION

              • CMC_REQUEST_RECEIVED

              • CMC_USER_SIGNED_REQUEST_SIG_VERIFY

              • PROOF_OF_POSSESSION

       Profile audit events:

              • CONFIG_CERT_PROFILE

              • CONFIG_CRL_PROFILE

              • CONFIG_OCSP_PROFILE

       Certificate audit events:

              • CERT_SIGNING_INFO

              • CERT_PROFILE_APPROVAL

              • CERT_REQUEST_PROCESSED

              • CERT_STATUS_CHANGE_REQUEST

              • CERT_STATUS_CHANGE_REQUEST_PROCESSED

              • CONFIG_CERT_POLICY

              • PROFILE_CERT_REQUEST

              • CIMC_CERT_VERIFICATION

              • NON_PROFILE_CERT_REQUEST

       ACL audit events:

              • CONFIG_ACL

       OCSP audit events:

              • OCSP_SIGNING_INFO

              • OCSP_GENERATION

       CRL audit events:

              • SCHEDULE_CRL_GENERATION

              • DELTA_CRL_PUBLISHING

              • CRL_VALIDATION

              • CRL_RETRIEVAL

              • CRL_SIGNING_INFO

              • FULL_CRL_GENERATION

              • DELTA_CRL_GENERATION

       Authority audit events:

              • AUTHORITY_CONFIG

              • SECURITY_DOMAIN_UPDATE

              • CONFIG_DRM

       Selftest audit events:

              • SELFTESTS_EXECUTION

       Encryption data audit events:

              • CONFIG_ENCRYPTION

              • ENCRYPT_DATA_REQUEST

              • ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS

              • ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE

              • COMPUTE_RANDOM_DATA_REQUEST

              • COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE

              • COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS

              • SECURITY_DATA_ARCHIVAL_REQUEST

       Serial/random number audit events:

              • INTER_BOUNDARY

              • CONFIG_SERIAL_NUMBER

              • RANDOM_GENERATION

SEE ALSO

       pki-server(8)
           PKI server management commands

AUTHORS

       Amol Kahat <akahat@redhat.com>.

COPYRIGHT

       Copyright  (c)  2018 Red Hat, Inc.  This is licensed under the GNU General Public License,
       version    2    (GPLv2).     A    copy    of    this    license    is     available     at
       http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.