.nh .TH pki\-server\-tks 8 "Mar 21, 2018" PKI "PKI TKS Management Commands" .SH NAME .PP pki\-server\-tks \- Command\-line interface for managing PKI TKS. .SH SYNOPSIS .PP \fBpki\-server\fP [\fICLI\-options\fP] \fBtks\-clone\-prepare\fP [\fIcommand\-options\fP] .br \fBpki\-server\fP [\fICLI\-options\fP] \fBtks\-audit\-event\-find\fP [\fIcommand\-options\fP] .br \fBpki\-server\fP [\fICLI\-options\fP] \fBtks\-audit\-event\-enable\fP [\fIcommand\-options\fP] \fIevent\-ID\fP .br \fBpki\-server\fP [\fICLI\-options\fP] \fBtks\-audit\-event\-modify\fP [\fIcommand\-options\fP] \fIevent\-ID\fP .br \fBpki\-server\fP [\fICLI\-options\fP] \fBtks\-audit\-event\-disable\fP [\fIcommand\-options\fP] \fIevent\-ID\fP .br \fBpki\-server\fP [\fICLI\-options\fP] \fBtks\-audit\-file\-find\fP [\fIcommand\-options\fP] .br \fBpki\-server\fP [\fICLI\-options\fP] \fBtks\-audit\-file\-verify\fP [\fIcommand\-options\fP] .SH DESCRIPTION .PP The \fBpki\-server tks\fP commands provide command\-line interfaces to manage PKI TKS. .PP \fBpki\-server\fP [\fICLI\-options\fP] \fBtks\fP [\fIcommand\-options\fP] .br This command is to list available PKI TKS management commands. .PP \fBpki\-server\fP [\fICLI\-options\fP] \fBtks\-clone\-prepare\fP [\fIcommand\-options\fP] .br This command export TKS system certificates into a PKCS #12 file with private keys. .PP \fBpki\-server\fP [\fICLI\-options\fP] \fBtks\-audit\-event\-find\fP [\fIcommand\-options\fP] .br This command list all the audit events which are enabled/disabled. .PP \fBpki\-server\fP [\fICLI\-options\fP] \fBtks\-audit\-event\-enable\fP [\fIcommand\-options\fP] \fIevent\-ID\fP .br This command will enable audit events in the TKS. .PP \fBpki\-server\fP [\fICLI\-options\fP] \fBtks\-audit\-event\-disable\fP [\fIcommand\-options\fP] \fIevent\-ID\fP .br This command will disable audit events in the TKS. .PP \fBpki\-server\fP [\fICLI\-options\fP] \fBtks\-audit\-event\-modify\fP [\fIcommand\-options\fP] \fIevent\-ID\fP .br This command will modify the event filter for audit events. .PP \fBpki\-server\fP [\fICLI\-options\fP] \fBtks\-audit\-file\-find\fP [\fIcommand\-options\fP] .br This command lists audit log file generated by the TKS. .PP \fBpki\-server\fP [\fICLI\-options\fP] \fBtks\-audit\-file\-verify\fP [\fIcommand\-options\fP] .br This command will verify whether the signatures in the audit log files are valid. .SH AUDIT EVENTS .PP Logging audit events: .RS .IP \(bu 2 AUDIT\_LOG\_STARTUP .IP \(bu 2 AUDIT\_LOG\_SHUTDOWN .IP \(bu 2 AUDIT\_LOG\_DELETE .IP \(bu 2 LOG\_PATH\_CHANGE .IP \(bu 2 LOG\_EXPIRATION\_CHANGE .IP \(bu 2 CONFIG\_SIGNED\_AUDIT .RE .PP Authentication and authorization audit events: .RS .IP \(bu 2 AUTHZ .IP \(bu 2 AUTH .IP \(bu 2 ROLE\_ASSUME .IP \(bu 2 CONFIG\_AUTH .IP \(bu 2 CONFIG\_ROLE .IP \(bu 2 ACCESS\_SESSION\_ESTABLISH .IP \(bu 2 ACCESS\_SESSION\_TERMINATED .RE .PP Key audit events: .RS .IP \(bu 2 PRIVATE\_KEY\_ARCHIVE\_REQUEST .IP \(bu 2 PRIVATE\_KEY\_ARCHIVE\_REQUEST\_PROCESSED .IP \(bu 2 PRIVATE\_KEY\_EXPORT\_REQUEST\_PROCESSED\_SUCCESS .IP \(bu 2 CONFIG\_TRUSTED\_PUBLIC\_KEY .IP \(bu 2 PRIVATE\_KEY\_EXPORT\_REQUEST\_PROCESSED\_FAILURE .IP \(bu 2 KEY\_RECOVERY\_REQUEST .IP \(bu 2 KEY\_RECOVERY\_REQUEST\_ASYNC .IP \(bu 2 KEY\_RECOVERY\_AGENT\_LOGIN .IP \(bu 2 KEY\_RECOVERY\_REQUEST\_PROCESSED .IP \(bu 2 KEY\_RECOVERY\_REQUEST\_PROCESSED\_ASYNC .IP \(bu 2 KEY\_GEN\_ASYMMETRIC .IP \(bu 2 COMPUTE\_SESSION\_KEY\_REQUEST\_PROCESSED\_SUCCESS .IP \(bu 2 COMPUTE\_SESSION\_KEY\_REQUEST .IP \(bu 2 COMPUTE\_SESSION\_KEY\_REQUEST\_PROCESSED\_FAILURE .IP \(bu 2 DIVERSIFY\_KEY\_REQUEST .IP \(bu 2 DIVERSIFY\_KEY\_REQUEST\_PROCESSED\_SUCCESS .IP \(bu 2 DIVERSIFY\_KEY\_REQUEST\_PROCESSED\_FAILURE .IP \(bu 2 SERVER\_SIDE\_KEYGEN\_REQUEST .IP \(bu 2 SERVER\_SIDE\_KEYGEN\_REQUEST\_PROCESSED\_SUCCESS .IP \(bu 2 SERVER\_SIDE\_KEYGEN\_REQUEST\_PROCESSED\_FAILURE .RE .PP CMC audit events: .RS .IP \(bu 2 CMC\_RESPONSE\_SENT .IP \(bu 2 CMC\_ID\_POP\_LINK\_WITNESS .IP \(bu 2 CMC\_SIGNED\_REQUEST\_SIG\_VERIFY .IP \(bu 2 CMC\_PROOF\_OF\_IDENTIFICATION .IP \(bu 2 CMC\_REQUEST\_RECEIVED .IP \(bu 2 CMC\_USER\_SIGNED\_REQUEST\_SIG\_VERIFY .IP \(bu 2 PROOF\_OF\_POSSESSION .RE .PP Profile audit events: .RS .IP \(bu 2 CONFIG\_CERT\_PROFILE .IP \(bu 2 CONFIG\_CRL\_PROFILE .IP \(bu 2 CONFIG\_OCSP\_PROFILE .RE .PP Certificate audit events: .RS .IP \(bu 2 CERT\_SIGNING\_INFO .IP \(bu 2 CERT\_PROFILE\_APPROVAL .IP \(bu 2 CERT\_REQUEST\_PROCESSED .IP \(bu 2 CERT\_STATUS\_CHANGE\_REQUEST .IP \(bu 2 CERT\_STATUS\_CHANGE\_REQUEST\_PROCESSED .IP \(bu 2 CONFIG\_CERT\_POLICY .IP \(bu 2 PROFILE\_CERT\_REQUEST .IP \(bu 2 CIMC\_CERT\_VERIFICATION .IP \(bu 2 NON\_PROFILE\_CERT\_REQUEST .RE .PP ACL audit events: .RS .IP \(bu 2 CONFIG\_ACL .RE .PP OCSP audit events: .RS .IP \(bu 2 OCSP\_SIGNING\_INFO .IP \(bu 2 OCSP\_GENERATION .RE .PP CRL audit events: .RS .IP \(bu 2 SCHEDULE\_CRL\_GENERATION .IP \(bu 2 DELTA\_CRL\_PUBLISHING .IP \(bu 2 CRL\_VALIDATION .IP \(bu 2 CRL\_RETRIEVAL .IP \(bu 2 CRL\_SIGNING\_INFO .IP \(bu 2 FULL\_CRL\_GENERATION .IP \(bu 2 DELTA\_CRL\_GENERATION .RE .PP Authority audit events: .RS .IP \(bu 2 AUTHORITY\_CONFIG .IP \(bu 2 SECURITY\_DOMAIN\_UPDATE .IP \(bu 2 CONFIG\_DRM .RE .PP Selftest audit events: .RS .IP \(bu 2 SELFTESTS\_EXECUTION .RE .PP Encryption data audit events: .RS .IP \(bu 2 CONFIG\_ENCRYPTION .IP \(bu 2 ENCRYPT\_DATA\_REQUEST .IP \(bu 2 ENCRYPT\_DATA\_REQUEST\_PROCESSED\_SUCCESS .IP \(bu 2 ENCRYPT\_DATA\_REQUEST\_PROCESSED\_FAILURE .IP \(bu 2 COMPUTE\_RANDOM\_DATA\_REQUEST .IP \(bu 2 COMPUTE\_RANDOM\_DATA\_REQUEST\_PROCESSED\_FAILURE .IP \(bu 2 COMPUTE\_RANDOM\_DATA\_REQUEST\_PROCESSED\_SUCCESS .IP \(bu 2 SECURITY\_DATA\_ARCHIVAL\_REQUEST .RE .PP Serial/random number audit events: .RS .IP \(bu 2 INTER\_BOUNDARY .IP \(bu 2 CONFIG\_SERIAL\_NUMBER .IP \(bu 2 RANDOM\_GENERATION .RE .SH SEE ALSO .PP \fBpki\-server(8)\fP .br PKI server management commands .SH AUTHORS .PP Amol Kahat \<akahat@redhat.com\>\&. .SH COPYRIGHT .PP Copyright (c) 2018 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old\-licenses/gpl\-2.0.txt.