pki-server-ocsp - Man Page

Command-line interface for managing PKI OCSP.

Synopsis

pki-server [CLI-options] ocsp-clone-prepare [command-options]
pki-server [CLI-options] ocsp-audit-event-find [command-options]
pki-server [CLI-options] ocsp-audit-event-enable [command-options] event-ID
pki-server [CLI-options] ocsp-audit-event-modify [command-options] event-ID
pki-server [CLI-options] ocsp-audit-event-disable [command-options] event-ID
pki-server [CLI-options] ocsp-audit-file-find [command-options]
pki-server [CLI-options] ocsp-audit-file-verify [command-options]

Description

The pki-server ocsp commands provide command-line interfaces to manage PKI OCSP.

pki-server [CLI-options] ocsp [command-options]
   This command is to list available PKI OCSP management commands.

pki-server [CLI-options] ocsp-clone-prepare [command-options]
   This command export  OCSP subsystem certificates into a PKCS #12 file with private keys.

pki-server [CLI-options] ocsp-audit-event-find [command-options]
   This command list all the audit events which are enabled/disabled.

pki-server [CLI-options] ocsp-audit-event-enable [command-options] event-ID
   This command will enable audit events in the OCSP.

pki-server [CLI-options] ocsp-audit-event-disable [command-options] event-ID
   This command will disable audit events in the OCSP.

pki-server [CLI-options] ocsp-audit-event-modify [command-options] event-ID
   This command will modify the event filter for audit events.

pki-server [CLI-options] ocsp-audit-file-find [command-options]
   This command lists the audit log files generated by the OCSP.

pki-server [CLI-options] ocsp-audit-file-verify [command-options]
   This command will verify whether the signatures in the audit log files are valid.

Audit Events

Logging audit events:

Authentication and authorization audit events:

Key audit events:
  • PRIVATE_KEY_ARCHIVE_REQUEST
  • PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
  • PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS
  • CONFIG_TRUSTED_PUBLIC_KEY
  • PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
  • KEY_RECOVERY_REQUEST
  • KEY_RECOVERY_REQUEST_ASYNC
  • KEY_RECOVERY_AGENT_LOGIN
  • KEY_RECOVERY_REQUEST_PROCESSED
  • KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
  • KEY_GEN_ASYMMETRIC
  • COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS
  • COMPUTE_SESSION_KEY_REQUEST
  • COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE
  • DIVERSIFY_KEY_REQUEST
  • DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS
  • DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE
  • SERVER_SIDE_KEYGEN_REQUEST
  • SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS
  • SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE
CMC audit events:
  • CMC_RESPONSE_SENT
  • CMC_ID_POP_LINK_WITNESS
  • CMC_SIGNED_REQUEST_SIG_VERIFY
  • CMC_PROOF_OF_IDENTIFICATION
  • CMC_REQUEST_RECEIVED
  • CMC_USER_SIGNED_REQUEST_SIG_VERIFY
  • PROOF_OF_POSSESSION
Profile audit events:
  • CONFIG_CERT_PROFILE
  • CONFIG_CRL_PROFILE
  • CONFIG_OCSP_PROFILE
Certificate audit events:
  • CERT_SIGNING_INFO
  • CERT_PROFILE_APPROVAL
  • CERT_REQUEST_PROCESSED
  • CERT_STATUS_CHANGE_REQUEST
  • CERT_STATUS_CHANGE_REQUEST_PROCESSED
  • CONFIG_CERT_POLICY
  • PROFILE_CERT_REQUEST
  • CIMC_CERT_VERIFICATION
  • NON_PROFILE_CERT_REQUEST
ACL audit events:
  • CONFIG_ACL
OCSP audit events:
  • OCSP_SIGNING_INFO
  • OCSP_GENERATION
CRL audit events:
  • SCHEDULE_CRL_GENERATION
  • DELTA_CRL_PUBLISHING
  • CRL_VALIDATION
  • CRL_RETRIEVAL
  • CRL_SIGNING_INFO
  • FULL_CRL_GENERATION
  • DELTA_CRL_GENERATION
Authority audit events:
  • AUTHORITY_CONFIG
  • SECURITY_DOMAIN_UPDATE
  • CONFIG_DRM
Selftest audit events:
  • SELFTESTS_EXECUTION

Encryption data audit events:

Serial/random number audit event:

See Also

pki-server(8)
   PKI server management commands

Authors

Amol Kahat <akahat@redhat.com>.

Info

Mar 21, 2018 PKI OCSP Management Commands