pki-server-tps - Man Page

Command-Line Interface for managing PKI TPS.

Synopsis

pki-server [CLI-options] tps-clone-prepare [command-options]
pki-server [CLI-options] tps-db-vlv-find [command-options]
pki-server [CLI-options] tps-db-vlv-add [command-options]
pki-server [CLI-options] tps-db-vlv-del [command-options]
pki-server [CLI-options] tps-db-vlv-reindex [command-options]
pki-server [CLI-options] tps-audit-event-find [command-options]
pki-server [CLI-options] tps-audit-event-enable [command-options] event-ID
pki-server [CLI-options] tps-audit-event-modify [command-options] event-ID
pki-server [CLI-options] tps-audit-event-disable [command-options] event-ID
pki-server [CLI-options] tps-audit-file-find [command-options]
pki-server [CLI-options] tps-audit-file-verify [command-options]

.SH DESCRIPTION

The pki-server tps commands provide command-line interfaces to manage PKI TPS.

pki-server [CLI-options] tps [command-options]
   This command is to list available PKI TPS management commands.

pki-server [CLI-options] tps-clone-prepare [command-options]
   This command export TPS system certificates into a PKCS #12 file with private keys.

pki-server [CLI-options] tps-db-vlv-find [command-options]
   This command will list VLV records for TPS.

pki-server [CLI-options] tps-db-vlv-add [command-options]
   This command will add VLV records for TPS.

pki-server [CLI-options] tps-db-vlv-del [command-options]
   This command will delete VLV records for TPS.

pki-server [CLI-options] tps-db-vlv-reindex [command-options]
   This command will reindex VLV records for TPS.

pki-server [CLI-options] tps-audit-event-find [command-options]
   This command list all the audit events which are enabled/disabled.

pki-server [CLI-options] tps-audit-event-enable [command-options] event-ID
   This command will enable audit events in the TPS.

pki-server [CLI-options] tps-audit-event-disable [command-options] event-ID
   This command will disable audit events in the TPS.

pki-server [CLI-options] tps-audit-event-modify [command-options] event-ID
   This command will modify the event filter for audit events.

pki-server [CLI-options] tps-audit-file-find [command-options]
   This command lists audit log files generated by the TPS.

pki-server [CLI-options] tps-audit-file-verify [command-options]
   This command will verify whether the signatures in the audit log files are valid.

Audit Events

Logging audit events:

Authentication and authorization audit events:

Key audit events:
  • PRIVATE_KEY_ARCHIVE_REQUEST
  • PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
  • PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS
  • CONFIG_TRUSTED_PUBLIC_KEY
  • PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
  • KEY_RECOVERY_REQUEST
  • KEY_RECOVERY_REQUEST_ASYNC
  • KEY_RECOVERY_AGENT_LOGIN
  • KEY_RECOVERY_REQUEST_PROCESSED
  • KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
  • KEY_GEN_ASYMMETRIC
  • COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS
  • COMPUTE_SESSION_KEY_REQUEST
  • COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE
  • DIVERSIFY_KEY_REQUEST
  • DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS
  • DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE
  • SERVER_SIDE_KEYGEN_REQUEST
  • SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS
  • SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE
CMC audit events:
  • CMC_RESPONSE_SENT
  • CMC_ID_POP_LINK_WITNESS
  • CMC_SIGNED_REQUEST_SIG_VERIFY
  • CMC_PROOF_OF_IDENTIFICATION
  • CMC_REQUEST_RECEIVED
  • CMC_USER_SIGNED_REQUEST_SIG_VERIFY
  • PROOF_OF_POSSESSION
Profile audit events:
  • CONFIG_CERT_PROFILE
  • CONFIG_CRL_PROFILE
  • CONFIG_OCSP_PROFILE
Certificate audit events:
  • CERT_SIGNING_INFO
  • CERT_PROFILE_APPROVAL
  • CERT_REQUEST_PROCESSED
  • CERT_STATUS_CHANGE_REQUEST
  • CERT_STATUS_CHANGE_REQUEST_PROCESSED
  • CONFIG_CERT_POLICY
  • PROFILE_CERT_REQUEST
  • CIMC_CERT_VERIFICATION
  • NON_PROFILE_CERT_REQUEST
ACL audit events:
  • CONFIG_ACL
OCSP audit events:
  • OCSP_SIGNING_INFO
  • OCSP_GENERATION
CRL audit events:
  • SCHEDULE_CRL_GENERATION
  • DELTA_CRL_PUBLISHING
  • CRL_VALIDATION
  • CRL_RETRIEVAL
  • CRL_SIGNING_INFO
  • FULL_CRL_GENERATION
  • DELTA_CRL_GENERATION
Authority audit events:
  • AUTHORITY_CONFIG
  • SECURITY_DOMAIN_UPDATE
  • CONFIG_DRM
Selftest audit events:
  • SELFTESTS_EXECUTION

Encryption data audit events:

Serial/random number audit events:

Authors

Amol Kahat <akahat@redhat.com>.

Info

Mar 21, 2018 PKI TPS Management Commands