PKI Security Domain CLI - dogtagpki/pki GitHub Wiki

Overview

The pki securitydomain commands can be used to manage a Security Domain.

Displaying Security Domain

To display the security domain:

$ pki securitydomain-show
  Domain: EXAMPLE

  CA Subsystem:

    Host ID: CA pki.example.com 8443
    Hostname: pki.example.com
    Port: 8080
    Secure Port: 8443
    Domain Manager: TRUE

  KRA Subsystem:

    Host ID: KRA pki.example.com 8443
    Hostname: pki.example.com
    Port: 8080
    Secure Port: 8443
    Domain Manager: FALSE

Joining Security Domain

To join a security domain, obtain an installation token, then execute the following command:

$ pki \
    -d /etc/pki/pki-tomcat/alias \
    -f /etc/pki/pki-tomcat/password.conf \
    securitydomain-join \
    "KRA pki.example.com 8443" \
    --install-token <token> \
    --type KRA \
    --hostname pki.example.com

Leaving Security Domain

To leave a security domain, execute the following command with subsystem certificate for authentication:

$ pki \
    -d /etc/pki/pki-tomcat/alias \
    -f /etc/pki/pki-tomcat/password.conf \
    -n subsystem \
    securitydomain-leave \
    "KRA pki.example.com 8443" \
    --type KRA \
    --hostname pki.example.com

Availability: Since PKI 11.4.

See Also

⚠️ **GitHub.com Fallback** ⚠️