PKI Security Domain CLI

Overview

The pki securitydomain commands can be used to manage a Security Domain.

Displaying Security Domain

To display the security domain:

$ pki securitydomain-show
  Domain: EXAMPLE

  CA Subsystem:

    Host ID: CA pki.example.com 8443
    Hostname: pki.example.com
    Port: 8080
    Secure Port: 8443
    Domain Manager: TRUE

  KRA Subsystem:

    Host ID: KRA pki.example.com 8443
    Hostname: pki.example.com
    Port: 8080
    Secure Port: 8443
    Domain Manager: FALSE

Joining Security Domain

To join a security domain, obtain an installation token, then execute the following command:

$ pki \
    -d /var/lib/pki/pki-tomcat/conf/alias \
    -f /var/lib/pki/pki-tomcat/conf/password.conf \
    securitydomain-join \
    "KRA pki.example.com 8443" \
    --install-token <token> \
    --type KRA \
    --hostname pki.example.com

Leaving Security Domain

To leave a security domain, execute the following command with subsystem certificate for authentication:

$ pki \
    -d /var/lib/pki/pki-tomcat/conf/alias \
    -f /var/lib/pki/pki-tomcat/conf/password.conf \
    -n subsystem \
    securitydomain-leave \
    "KRA pki.example.com 8443" \
    --type KRA \
    --hostname pki.example.com

Availability: Since PKI 11.4.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

PKI Security Domain CLI

Overview

Displaying Security Domain

Joining Security Domain

Leaving Security Domain

See Also

Clone this wiki locally