.nh
.TH pki-server-ca 8 "Mar 21, 2018" PKI "PKI CA Management Commands"
.SH NAME
.PP
pki-server-ca - Command-line interface for managing PKI CA.
.SH SYNOPSIS
.PP
\fBpki-server\fP [\fICLI-options\fP] \fBca-cert-chain-export\fP [\fIcommand-options\fP]
.br
\fBpki-server\fP [\fICLI-options\fP] \fBca-cert-request-find\fP [\fIcommand-options\fP]
.br
\fBpki-server\fP [\fICLI-options\fP] \fBca-cert-request-show\fP [\fIcommand-options\fP] \fIrequest-ID\fP
.br
\fBpki-server\fP [\fICLI-options\fP] \fBca-clone-prepare\fP [\fIcommand-options\fP]
.br
\fBpki-server\fP [\fICLI-options\fP] \fBca-audit-event-find\fP [\fIcommand-options\fP]
.br
\fBpki-server\fP [\fICLI-options\fP] \fBca-audit-event-enable\fP [\fIcommand-options\fP] \fIevent-ID\fP
.br
\fBpki-server\fP [\fICLI-options\fP] \fBca-audit-event-disable\fP [\fIcommand-options\fP] \fIevent-ID\fP
.br
\fBpki-server\fP [\fICLI-options\fP] \fBca-audit-event-modify\fP [\fIcommand-options\fP] \fIevent-ID\fP
.br
\fBpki-server\fP [\fICLI-options\fP] \fBca-audit-file-find\fP [\fIcommand-options\fP]
.br
\fBpki-server\fP [\fICLI-options\fP] \fBca-audit-file-verify\fP [\fIcommand-options\fP]
.SH DESCRIPTION
.PP
The \fBpki-server ca\fP commands provide command-line interfaces to manage PKI CA.
.PP
\fBpki-server\fP [\fICLI-options\fP] \fBca\fP [\fIcommand-options\fP]
.br
This command lists the available PKI CA management commands.
.PP
\fBpki-server\fP [\fICLI-options\fP] \fBca-cert-chain-export\fP [\fIcommand-options\fP]
.br
This command exports the CA certificates with chain and keys to a PKCS #12 file.
The output filename and either a password or a password file are required.
.PP
\fBpki-server\fP [\fICLI-options\fP] \fBca-cert-request-find\fP [\fIcommand-options\fP]
.br
This command lists all the certificate requests in the CA.
When a certificate file is specified, it searches the database for the certificate request.
It accepts a certificate without any BEGIN/END CERTIFICATE header/footer.
.PP
\fBpki-server\fP [\fICLI-options\fP] \fBca-cert-request-show\fP [\fIcommand-options\fP] \fIrequest-ID\fP
.br
This command shows the certificate request with the given certificate request ID.
It shows the Request ID, Type, Status and Request (in Base64 format).
.PP
\fBpki-server\fP [\fICLI-options\fP] \fBca-clone-prepare\fP [\fIcommand-options\fP]
.br
This command exports CA system certificates into a PKCS #12 file with private keys.
.PP
\fBpki-server\fP [\fICLI-options\fP] \fBca-audit-event-find\fP [\fIcommand-options\fP]
.br
This command lists all the audit events that are enabled or disabled.
.PP
\fBpki-server\fP [\fICLI-options\fP] \fBca-audit-event-enable\fP [\fIcommand-options\fP] \fIevent-ID\fP
.br
This command enables audit events in the CA.
.PP
\fBpki-server\fP [\fICLI-options\fP] \fBca-audit-event-disable\fP [\fIcommand-options\fP] \fIevent-ID\fP
.br
This command disables audit events in the CA.
.PP
\fBpki-server\fP [\fICLI-options\fP] \fBca-audit-event-modify\fP [\fIcommand-options\fP] \fIevent-ID\fP
.br
This command modifies the event filter for audit events.
.PP
\fBpki-server\fP [\fICLI-options\fP] \fBca-audit-file-find\fP [\fIcommand-options\fP]
.br
This command lists audit log files generated by the CA.
.PP
\fBpki-server\fP [\fICLI-options\fP] \fBca-audit-file-verify\fP [\fIcommand-options\fP]
.br
This command verifies whether the signatures in the audit log files are valid.
.SH AUDIT EVENTS
.PP
Logging audit events:
.RS
.IP \(bu 2
AUDIT_LOG_STARTUP
.IP \(bu 2
AUDIT_LOG_SHUTDOWN
.IP \(bu 2
AUDIT_LOG_DELETE
.IP \(bu 2
LOG_PATH_CHANGE
.IP \(bu 2
LOG_EXPIRATION_CHANGE
.IP \(bu 2
CONFIG_SIGNED_AUDIT
.RE
.PP
Authentication and authorization audit events:
.RS
.IP \(bu 2
AUTHZ
.IP \(bu 2
AUTH
.IP \(bu 2
ROLE_ASSUME
.IP \(bu 2
CONFIG_AUTH
.IP \(bu 2
CONFIG_ROLE
.IP \(bu 2
ACCESS_SESSION_ESTABLISH
.IP \(bu 2
ACCESS_SESSION_TERMINATED
.RE
.PP
Key audit events:
.RS
.IP \(bu 2
PRIVATE_KEY_ARCHIVE_REQUEST
.IP \(bu 2
PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
.IP \(bu 2
PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS
.IP \(bu 2
CONFIG_TRUSTED_PUBLIC_KEY
.IP \(bu 2
PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
.IP \(bu 2
KEY_RECOVERY_REQUEST
.IP \(bu 2
KEY_RECOVERY_REQUEST_ASYNC
.IP \(bu 2
KEY_RECOVERY_AGENT_LOGIN
.IP \(bu 2
KEY_RECOVERY_REQUEST_PROCESSED
.IP \(bu 2
KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
.IP \(bu 2
KEY_GEN_ASYMMETRIC
.IP \(bu 2
COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS
.IP \(bu 2
COMPUTE_SESSION_KEY_REQUEST
.IP \(bu 2
COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE
.IP \(bu 2
DIVERSIFY_KEY_REQUEST
.IP \(bu 2
DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS
.IP \(bu 2
DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE
.IP \(bu 2
SERVER_SIDE_KEYGEN_REQUEST
.IP \(bu 2
SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS
.IP \(bu 2
SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE
.RE
.PP
CMC audit events:
.RS
.IP \(bu 2
CMC_RESPONSE_SENT
.IP \(bu 2
CMC_ID_POP_LINK_WITNESS
.IP \(bu 2
CMC_SIGNED_REQUEST_SIG_VERIFY
.IP \(bu 2
CMC_PROOF_OF_IDENTIFICATION
.IP \(bu 2
CMC_REQUEST_RECEIVED
.IP \(bu 2
CMC_USER_SIGNED_REQUEST_SIG_VERIFY
.IP \(bu 2
PROOF_OF_POSSESSION
.RE
.PP
Profile audit events:
.RS
.IP \(bu 2
CONFIG_CERT_PROFILE
.IP \(bu 2
CONFIG_CRL_PROFILE
.IP \(bu 2
CONFIG_OCSP_PROFILE
.RE
.PP
Certificate audit events:
.RS
.IP \(bu 2
CERT_SIGNING_INFO
.IP \(bu 2
CERT_PROFILE_APPROVAL
.IP \(bu 2
CERT_REQUEST_PROCESSED
.IP \(bu 2
CERT_STATUS_CHANGE_REQUEST
.IP \(bu 2
CERT_STATUS_CHANGE_REQUEST_PROCESSED
.IP \(bu 2
CONFIG_CERT_POLICY
.IP \(bu 2
PROFILE_CERT_REQUEST
.IP \(bu 2
CIMC_CERT_VERIFICATION
.IP \(bu 2
NON_PROFILE_CERT_REQUEST
.RE
.PP
ACL audit events:
.RS
.IP \(bu 2
CONFIG_ACL
.RE
.PP
OCSP audit events:
.RS
.IP \(bu 2
OCSP_SIGNING_INFO
.IP \(bu 2
OCSP_GENERATION
.RE
.PP
CRL audit events:
.RS
.IP \(bu 2
SCHEDULE_CRL_GENERATION
.IP \(bu 2
DELTA_CRL_PUBLISHING
.IP \(bu 2
CRL_VALIDATION
.IP \(bu 2
CRL_RETRIEVAL
.IP \(bu 2
CRL_SIGNING_INFO
.IP \(bu 2
FULL_CRL_GENERATION
.IP \(bu 2
DELTA_CRL_GENERATION
.RE
.PP
Authority audit events:
.RS
.IP \(bu 2
AUTHORITY_CONFIG
.IP \(bu 2
SECURITY_DOMAIN_UPDATE
.IP \(bu 2
CONFIG_DRM
.RE
.PP
Selftest audit events:
.RS
.IP \(bu 2
SELFTESTS_EXECUTION
.RE
.PP
Encryption data audit events:
.RS
.IP \(bu 2
CONFIG_ENCRYPTION
.IP \(bu 2
ENCRYPT_DATA_REQUEST
.IP \(bu 2
ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS
.IP \(bu 2
ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE
.IP \(bu 2
COMPUTE_RANDOM_DATA_REQUEST
.IP \(bu 2
COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE
.IP \(bu 2
COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS
.IP \(bu 2
SECURITY_DATA_ARCHIVAL_REQUEST
.RE
.PP
Serial/random number audit events:
.RS
.IP \(bu 2
INTER_BOUNDARY
.IP \(bu 2
CONFIG_SERIAL_NUMBER
.IP \(bu 2
RANDOM_GENERATION
.RE
.SH SEE ALSO
.PP
\fBpki-server(8)\fP
.br
PKI server management commands
.SH AUTHORS
.PP
Amol Kahat <akahat@redhat.com>\&.
.SH COPYRIGHT
.PP
Copyright (c) 2018 Red Hat, Inc.
This is licensed under the GNU General Public License, version 2 (GPLv2).
A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.