pki-server-subsystem - Command-line interface for managing PKI subsystems.

Authors

       Ade Lee lt;alee@redhat.comgt;

Copyright

       Copyright (c) 2015 Red Hat, Inc.  This is licensed under  the  GNU  General  Public  License,  version  2
       (GPLv2).  A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.

PKI                                               July 15, 2015                          pki-server-subsystem(8)

Description

The pki-serversubsystem commands provide command-line interfaces to manage PKI subsystems. A PKI server
instance consists of a single Apache Tomcat instance that contains one or more PKI subsystems. Valid
subsystem identifiers are ca, kra, tks, ocsp and tps. No instance may have more than one of each type of
subsystem.

pki-serversubsystem commands perform operations on a specific subsystem within a PKI server instance.
Consequently, all pki-serversubsystem commands require specification of the instance ID to completely
identify the target subsystem.

Operations that are available include: listing subsystems in an instance; showing details about a
subsystem; and enabling and disabling subsystems.

pki-server [CLI-options] subsystem
This command is to list available subsystem commands.

pki-server [CLI-options] subsystem-find
This command is to list subsystems within a specific instance.

pki-server [CLI-options] subsystem-showsubsystem-ID
This command is to view the details about a particular subsystem.

pki-server [CLI-options] subsystem-enablesubsystem-ID
This command is to enable a particular subsystem.
Each subsystem consists of a web application within the Apache Tomcat instance.
Enabling a subsystem means deploying the web application so that the application initializes
and is accessible via the HTTP and HTTPS ports for the Apache Tomcat instance.

Note: Each subsystem runs a set of self-tests on startup. If these self-tests fail, the subsystem will
be disabled by undeploying the web application. The deployment status (enabled/disabled) of the
subsystem can be determined from the output of pki-serversubsystem-show. Once the underlying problem is
fixed, the subsystem should be re-enabled using pki-serversubsystem-enable.

pki-server [CLI-options] subsystem-disablesubsystem-ID
This command is to disable a subsystem by undeploying the web application corresponding to the
subsystem.
The subsystem will no longer be accessible through the web interfaces.
This is useful when specific subsystems need to be made inaccessible for maintenance
as Apache Tomcat allows web applications to be deployed/undeployed while the instance is still
running (hot deployment).

pki-server [CLI-options] subsystem-cert-findsubsystem-ID
This command is to list system certificates in a particular subsystem.

pki-server [CLI-options] subsystem-cert-showsubsystem-IDcert-ID
This command is to view the details about a system certificate in a particular subsystem.

pki-server [CLI-options] subsystem-cert-exportsubsystem-IDcert-ID
This command is to export a system certificate in a particular subsystem.

pki-server [CLI-options] subsystem-cert-updatesubsystem-IDcert-ID
This command is to update a system certificate in a particular subsystem.

Name

       pki-server-subsystem - Command-line interface for managing PKI subsystems.

Operations

       To  view  available  subsystem  management  commands,  type pki-serversubsystem.  To view each command's
       usage, type pki-serversubsystem-lt;commandgt;--help.

Options

       The CLI options are described in pki-server(8).

Synopsis

pki-server [CLI-options] subsystempki-server [CLI-options] subsystem-findpki-server [CLI-options] subsystem-showsubsystem-IDpki-server [CLI-options] subsystem-enablesubsystem-IDpki-server [CLI-options] subsystem-disablesubsystem-IDpki-server [CLI-options] subsystem-cert-findsubsystem-IDpki-server [CLI-options] subsystem-cert-showsubsystem-IDcert-IDpki-server [CLI-options] subsystem-cert-exportsubsystem-IDcert-IDpki-server [CLI-options] subsystem-cert-updatesubsystem-IDcert-ID