.nh .TH pki-server-ocsp 8 "Mar 21, 2018" PKI "PKI OCSP Management Commands" .SH NAME .PP pki-server-ocsp - Command-line interface for managing PKI OCSP. .SH SYNOPSIS .PP \fBpki-server\fP [\fICLI-options\fP] \fBocsp-clone-prepare\fP [\fIcommand-options\fP] .br \fBpki-server\fP [\fICLI-options\fP] \fBocsp-audit-event-find\fP [\fIcommand-options\fP] .br \fBpki-server\fP [\fICLI-options\fP] \fBocsp-audit-event-enable\fP [\fIcommand-options\fP] \fIevent-ID\fP .br \fBpki-server\fP [\fICLI-options\fP] \fBocsp-audit-event-modify\fP [\fIcommand-options\fP] \fIevent-ID\fP .br \fBpki-server\fP [\fICLI-options\fP] \fBocsp-audit-event-disable\fP [\fIcommand-options\fP] \fIevent-ID\fP .br \fBpki-server\fP [\fICLI-options\fP] \fBocsp-audit-file-find\fP [\fIcommand-options\fP] .br \fBpki-server\fP [\fICLI-options\fP] \fBocsp-audit-file-verify\fP [\fIcommand-options\fP] .SH DESCRIPTION .PP The \fBpki-server ocsp\fP commands provide command-line interfaces to manage PKI OCSP. .PP \fBpki-server\fP [\fICLI-options\fP] \fBocsp\fP [\fIcommand-options\fP] .br This command is to list available PKI OCSP management commands. .PP \fBpki-server\fP [\fICLI-options\fP] \fBocsp-clone-prepare\fP [\fIcommand-options\fP] .br This command export OCSP subsystem certificates into a PKCS #12 file with private keys. .PP \fBpki-server\fP [\fICLI-options\fP] \fBocsp-audit-event-find\fP [\fIcommand-options\fP] .br This command list all the audit events which are enabled/disabled. .PP \fBpki-server\fP [\fICLI-options\fP] \fBocsp-audit-event-enable\fP [\fIcommand-options\fP] \fIevent-ID\fP .br This command will enable audit events in the OCSP. .PP \fBpki-server\fP [\fICLI-options\fP] \fBocsp-audit-event-disable\fP [\fIcommand-options\fP] \fIevent-ID\fP .br This command will disable audit events in the OCSP. .PP \fBpki-server\fP [\fICLI-options\fP] \fBocsp-audit-event-modify\fP [\fIcommand-options\fP] \fIevent-ID\fP .br This command will modify the event filter for audit events. .PP \fBpki-server\fP [\fICLI-options\fP] \fBocsp-audit-file-find\fP [\fIcommand-options\fP] .br This command lists the audit log files generated by the OCSP. .PP \fBpki-server\fP [\fICLI-options\fP] \fBocsp-audit-file-verify\fP [\fIcommand-options\fP] .br This command will verify whether the signatures in the audit log files are valid. .SH AUDIT EVENTS .PP Logging audit events: .RS .IP \(bu 2 AUDIT_LOG_STARTUP .IP \(bu 2 AUDIT_LOG_SHUTDOWN .IP \(bu 2 AUDIT_LOG_DELETE .IP \(bu 2 LOG_PATH_CHANGE .IP \(bu 2 LOG_EXPIRATION_CHANGE .IP \(bu 2 CONFIG_SIGNED_AUDIT .RE .PP Authentication and authorization audit events: .RS .IP \(bu 2 AUTHZ .IP \(bu 2 AUTH .IP \(bu 2 ROLE_ASSUME .IP \(bu 2 CONFIG_AUTH .IP \(bu 2 CONFIG_ROLE .IP \(bu 2 ACCESS_SESSION_ESTABLISH .IP \(bu 2 ACCESS_SESSION_TERMINATED .RE .PP Key audit events: .RS .IP \(bu 2 PRIVATE_KEY_ARCHIVE_REQUEST .IP \(bu 2 PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED .IP \(bu 2 PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS .IP \(bu 2 CONFIG_TRUSTED_PUBLIC_KEY .IP \(bu 2 PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE .IP \(bu 2 KEY_RECOVERY_REQUEST .IP \(bu 2 KEY_RECOVERY_REQUEST_ASYNC .IP \(bu 2 KEY_RECOVERY_AGENT_LOGIN .IP \(bu 2 KEY_RECOVERY_REQUEST_PROCESSED .IP \(bu 2 KEY_RECOVERY_REQUEST_PROCESSED_ASYNC .IP \(bu 2 KEY_GEN_ASYMMETRIC .IP \(bu 2 COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS .IP \(bu 2 COMPUTE_SESSION_KEY_REQUEST .IP \(bu 2 COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE .IP \(bu 2 DIVERSIFY_KEY_REQUEST .IP \(bu 2 DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS .IP \(bu 2 DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE .IP \(bu 2 SERVER_SIDE_KEYGEN_REQUEST .IP \(bu 2 SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS .IP \(bu 2 SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE .RE .PP CMC audit events: .RS .IP \(bu 2 CMC_RESPONSE_SENT .IP \(bu 2 CMC_ID_POP_LINK_WITNESS .IP \(bu 2 CMC_SIGNED_REQUEST_SIG_VERIFY .IP \(bu 2 CMC_PROOF_OF_IDENTIFICATION .IP \(bu 2 CMC_REQUEST_RECEIVED .IP \(bu 2 CMC_USER_SIGNED_REQUEST_SIG_VERIFY .IP \(bu 2 PROOF_OF_POSSESSION .RE .PP Profile audit events: .RS .IP \(bu 2 CONFIG_CERT_PROFILE .IP \(bu 2 CONFIG_CRL_PROFILE .IP \(bu 2 CONFIG_OCSP_PROFILE .RE .PP Certificate audit events: .RS .IP \(bu 2 CERT_SIGNING_INFO .IP \(bu 2 CERT_PROFILE_APPROVAL .IP \(bu 2 CERT_REQUEST_PROCESSED .IP \(bu 2 CERT_STATUS_CHANGE_REQUEST .IP \(bu 2 CERT_STATUS_CHANGE_REQUEST_PROCESSED .IP \(bu 2 CONFIG_CERT_POLICY .IP \(bu 2 PROFILE_CERT_REQUEST .IP \(bu 2 CIMC_CERT_VERIFICATION .IP \(bu 2 NON_PROFILE_CERT_REQUEST .RE .PP ACL audit events: .RS .IP \(bu 2 CONFIG_ACL .RE .PP OCSP audit events: .RS .IP \(bu 2 OCSP_SIGNING_INFO .IP \(bu 2 OCSP_GENERATION .RE .PP CRL audit events: .RS .IP \(bu 2 SCHEDULE_CRL_GENERATION .IP \(bu 2 DELTA_CRL_PUBLISHING .IP \(bu 2 CRL_VALIDATION .IP \(bu 2 CRL_RETRIEVAL .IP \(bu 2 CRL_SIGNING_INFO .IP \(bu 2 FULL_CRL_GENERATION .IP \(bu 2 DELTA_CRL_GENERATION .RE .PP Authority audit events: .RS .IP \(bu 2 AUTHORITY_CONFIG .IP \(bu 2 SECURITY_DOMAIN_UPDATE .IP \(bu 2 CONFIG_DRM .RE .PP Selftest audit events: .RS .IP \(bu 2 SELFTESTS_EXECUTION .RE .PP Encryption data audit events: .RS .IP \(bu 2 CONFIG_ENCRYPTION .IP \(bu 2 ENCRYPT_DATA_REQUEST .IP \(bu 2 ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS .IP \(bu 2 ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE .IP \(bu 2 COMPUTE_RANDOM_DATA_REQUEST .IP \(bu 2 COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE .IP \(bu 2 COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS .IP \(bu 2 SECURITY_DATA_ARCHIVAL_REQUEST .RE .PP Serial/random number audit event: .RS .IP \(bu 2 INTER_BOUNDARY .IP \(bu 2 CONFIG_SERIAL_NUMBER .IP \(bu 2 RANDOM_GENERATION .RE .SH SEE ALSO .PP \fBpki-server(8)\fP .br PKI server management commands .SH AUTHORS .PP Amol Kahat <akahat@redhat.com>\&. .SH COPYRIGHT .PP Copyright (c) 2018 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.