Install Now
pki-healthcheck - Command-Line Interface to check health of a PKI installation
Contents
Copyright
Copyright (c) 2020 Red Hat, Inc. This is licensed under the GNU General Public License, version 2
(GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
⟨http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt⟩.
PKI January 16, 2020 pki-healthcheck(8)
Description
A PKI installation can be complex, therefore identifying real or potential issues can be difficult and
require a lot of analysis. This tool aims to reduce the burden by attempting to identify issues in
advance so that they can be corrected, ideally before the issue becomes critical.
ORGANIZATION
The areas of the system to check are logically grouped together. This grouping is called a source. A
source consists of one or more checks.
A check is as atomic as possible to limit the scope and complexity.
Each check will return a result, either a result of WARNING, ERROR, CRITICAL or SUCCESS. Returning
SUCCESS tells you that the check was done and was deemed correct.
Upon failure, the output will include name of the source and name of the check that detected the
failure along with a message and name/value pairs indicating the problem. If a check can't make a final
determination, it throws WARNING so that it can be examined.
Examples
Execute healthcheck with the default JSON output:
pki-healthcheck
Execute healthcheck with a prettier JSON output:
pki-healthcheck--indent2
Execute healthcheck and only display errors:
pki-healthcheck--failures-only
Execute healthcheck and display results in human-readable format:
pki-healthcheck--output-formathuman
Execute healthcheck and write results to a file:
pki-healthcheck--output-file/var/log/pki/healthcheck/results.json
Display in the previous report in a human-readable format:
pki-healthcheck--output-formathuman--input-file/var/log/pki/healthcheck/results.jsonExit Status
0 if all checks were successful
1 if any one check failed or the command failed to execute properly
Files
/etc/pki/healthcheck.conf
Name
pki-healthcheck - Command-Line Interface to check health of a PKI installation
Notes
CHECKSINCLUDEDCertificatesyncbetweenCS.cfgandNSSdatabase
Checks whether the system certificates in CS.cfg and NSS database are the same
Systemcertificateexpiry
Checks the expiry status of the installed system certificates
Systemcertificatetrustflags
Checks whether the installed system certificates carry the correct Trust flags
Subsystemconnectivitycheck
Checks whether a subsystem is running and able to respond to requests
Options
COMMANDS--list-sources
Display a list of the available sources and the checks associated with those sources.
OPTIONALARGUMENTS--source=SOURCE
Execute one or more checks within this given source.
--check=CHECK
Execute this particular check within a source. A source must be supplied as well with this option.
--output-type=[json|human]
Set the output type. Defaults to JSON.
--failures-only
Exclude SUCCESS results on output.
--severity=SEVERITY
Only report errors in the requested severity of SUCCESS, WARNING, ERROR or CRITICAL. This can be
provided multiple times to search on multiple levels.
--debug
Generate additional debugging output.
JSONOUTPUT
The output is displayed as a list of result messages for each check executed in JSON format. This could
be input for a monitoring system.
--output-file=FILENAME
Write the output to this filename rather than stdout.
--indent=INDENT
Pretty-print the JSON with this indention level. This can make the output more human-readable.
HUMAN-READABLEOUTPUT
The results are displayed in a more human-readable format.
--input-file=FILENAME
Take as input a JSON results output and convert it to a more human-readable form.
Synopsis
pki-healthcheck [CLI-options]
PNG Icons
SVG Icons
