.nh
.TH pki-ca-kraconnector 1 "June 10, 2016" PKI "PKI CA-KRA Connector Management Commands"
.SH NAME
.PP
pki-ca-kraconnector - Command-line interface for managing CA-KRA connectors.
.SH SYNOPSIS
.PP
\fBpki\fP [\fICLI-options\fP] \fBca-kraconnector\fP
.br
\fBpki\fP [\fICLI-options\fP] \fBca-kraconnector-show\fP
.br
\fBpki\fP [\fICLI-options\fP] \fBca-kraconnector-add\fP --input-file \fIinput-file\fP
.br
\fBpki\fP [\fICLI-options\fP] \fBca-kraconnector-add\fP --host \fIKRA-host\fP --port \fIKRA-port\fP
.br
\fBpki\fP [\fICLI-options\fP] \fBca-kraconnector-del\fP --host \fIKRA-host\fP --port \fIKRA-port\fP
.SH DESCRIPTION
.PP
The \fBpki-ca-kraconnector\fP commands provide command-line interfaces to manage CA-KRA connectors.
This command should be applied against CAs only.
.PP
When keys are archived, the CA communicates with the KRA through authenticated persistent connections called Connectors.
Because the CA initiates the communication, the connector configuration is performed on the CA only.
A Connector is automatically configured on the issuing CA whenever a KRA is set up by \fBpkispawn\fP\&.
.PP
A CA may have only one KRA connector.
This connector can be configured to talk to multiple KRAs (for high availability) only if the KRAs are clones.
.PP
\fBpki\fP [\fICLI-options\fP] \fBca-kraconnector\fP
.br
This command is to list available KRA connector commands.
.PP
\fBpki\fP [\fICLI-options\fP] \fBca-kraconnector-show\fP
.br
This command is to view the configuration settings for the CA-KRA connector configured on the CA.
These details can be redirected to a file, modified as needed, and used as the input file for the \fBca-kraconnector-add\fP command.
.PP
\fBpki\fP [\fICLI-options\fP] \fBca-kraconnector-add\fP --input-file \fIinput-file\fP
.br
This command is to configure the CA-KRA connector on the CA subsystem.
The input file is an XML document as provided by the \fBpki ca-kraconnector-show\fP command.
A CA-KRA connector can be created from an input file only if a connector does not already exist.
If one already exists, it should be removed first.
.PP
\fBpki\fP [\fICLI-options\fP] \fBca-kraconnector-add\fP --host \fIKRA-host\fP --port \fIKRA-port\fP
.br
This command is to add a host to an existing CA-KRA connector.
.PP
\fBpki\fP [\fICLI-options\fP] \fBca-kraconnector-del\fP --host \fIKRA-host\fP --port \fIKRA-port\fP
.br
This command is to delete a host from the CA-KRA connector on a CA.
If the last KRA host is removed, the connector configuration is removed from the CA.
.SH OPTIONS
.PP
The CLI options are described in \fBpki(1)\fP\&.
.SH OPERATIONS
.PP
To view available CA-KRA connector commands, type \fBpki ca-kraconnector\fP\&.
To view each command's usage, type \fBpki ca-kraconnector-<command> --help\fP\&.
.PP
All CA-KRA connector commands must be executed as the CA administrator.
.PP
To retrieve the CA-KRA connector configuration from the CA:
.PP
.RS
.nf
$ pki ca-kraconnector-show
.fi
.RE
.PP
One of the most common use cases for these commands is to add a KRA clone to an existing CA-KRA connector for high availability.
This can be done using the \fBpki ca-kraconnector-add\fP command as shown:
.PP
.RS
.nf
$ pki ca-kraconnector-add --host kra2.example.com --port 8443
.fi
.RE
.PP
To delete a KRA clone from the connector:
.PP
.RS
.nf
$ pki ca-kraconnector-del --host kra2.example.com --port 8443
.fi
.RE
.SH AUTHOR
.PP
Ade Lee <alee@redhat.com>\&.
.SH COPYRIGHT
.PP
Copyright (c) 2016 Red Hat, Inc.
This is licensed under the GNU General Public License, version 2 (GPLv2).
A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
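.PP
Because removing the last KRA host removes the connector configuration from the CA, and the output of \fBpki ca-kraconnector-show\fP can serve as the input file for \fBca-kraconnector-add\fP, it is useful to save that output before deleting a host. The shell wrapper below is an added example, not part of the original man page or the PKI project; the function names and the PKI_OPTS variable (whatever CLI options pki(1) needs at your site) are assumptions.

```shell
#!/bin/sh
# Added example: save the CA-KRA connector configuration before deleting a host.
# PKI_OPTS is a hypothetical variable holding the CLI options described in pki(1).

# kraconnector_backup DIR
# Writes the output of `pki ca-kraconnector-show` to a new file under DIR
# and prints the path of that file.
kraconnector_backup() {
    dir=$1
    [ -d "$dir" ] || { echo "backup directory missing: $dir" >&2; return 1; }
    out="$dir/ca-kraconnector.$(date +%Y%m%dT%H%M%S).$$"
    # Create the copy readable by the invoking administrator only.
    ( umask 077 && pki $PKI_OPTS ca-kraconnector-show > "$out" ) || {
        rm -f "$out"; echo "ca-kraconnector-show failed" >&2; return 1; }
    # An empty file cannot be used as an input file later.
    [ -s "$out" ] || {
        rm -f "$out"; echo "empty connector configuration" >&2; return 1; }
    printf '%s\n' "$out"
}

# kraconnector_del_host DIR HOST PORT
# Saves the current configuration, then removes HOST:PORT from the connector.
# Prints the path of the saved configuration on success.
kraconnector_del_host() {
    dir=$1 host=$2 port=$3
    [ -n "$host" ] || { echo "host required" >&2; return 2; }
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 2 ;;
    esac
    # Never delete without a usable saved copy.
    saved=$(kraconnector_backup "$dir") || return 1
    pki $PKI_OPTS ca-kraconnector-del --host "$host" --port "$port" || {
        echo "delete failed; saved configuration: $saved" >&2; return 1; }
    printf '%s\n' "$saved"
}
```

If the connector has to be recreated, the saved file is what \fBpki ca-kraconnector-add --input-file\fP expects, provided no connector currently exists on the CA.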