PKI TPS Connector CLI - dogtagpki/pki GitHub Wiki
To list the connectors:

```
$ pki -n caadmin tps-connector-find
-----------------
3 entries matched
-----------------
  Connector ID: ca1
  Status: Enabled

  Connector ID: tks1
  Status: Enabled

  Connector ID: kra1
  Status: Enabled
----------------------------
Number of entries returned 3
----------------------------
```
To display connector configuration:
```
$ pki -n caadmin tps-connector-show ca1
---------------
Connector "ca1"
---------------
  Connector ID: ca1
  Status: Enabled
  Properties:
    tps.connector.ca1.enable: true
    tps.connector.ca1.host: pki.example.com
    tps.connector.ca1.maxHttpConns: 15
    tps.connector.ca1.minHttpConns: 1
    tps.connector.ca1.nickName: subsystemCert cert-pki-tomcat
    tps.connector.ca1.port: 8443
    tps.connector.ca1.timeout: 30
    tps.connector.ca1.uri.enrollment: /ca/ee/ca/profileSubmitSSLClient
    tps.connector.ca1.uri.getcert: /ca/ee/ca/displayBySerial
    tps.connector.ca1.uri.renewal: /ca/ee/ca/profileSubmitSSLClient
    tps.connector.ca1.uri.revoke: /ca/ee/subsystem/ca/doRevoke
    tps.connector.ca1.uri.unrevoke: /ca/ee/subsystem/ca/doUnrevoke
```
To download connector configuration into a file:
```
$ pki -n caadmin tps-connector-show ca1 --output ca1.xml
-----------------------------------
Stored connector "ca1" into ca1.xml
-----------------------------------
```
The configuration will be stored in XML format:
```xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Connector id="ca1" xmlns:ns2="http://www.w3.org/2005/Atom">
    <Link href="https://pki.example.com:8443/tps/rest/connectors/ca1" rel="self"/>
    <Properties>
        <Property name="tps.connector.ca1.enable">true</Property>
        <Property name="tps.connector.ca1.host">pki.example.com</Property>
        <Property name="tps.connector.ca1.maxHttpConns">15</Property>
        <Property name="tps.connector.ca1.minHttpConns">1</Property>
        <Property name="tps.connector.ca1.nickName">subsystemCert cert-pki-tomcat</Property>
        <Property name="tps.connector.ca1.port">8443</Property>
        <Property name="tps.connector.ca1.timeout">30</Property>
        <Property name="tps.connector.ca1.uri.enrollment">/ca/ee/ca/profileSubmitSSLClient</Property>
        <Property name="tps.connector.ca1.uri.getcert">/ca/ee/ca/displayBySerial</Property>
        <Property name="tps.connector.ca1.uri.renewal">/ca/ee/ca/profileSubmitSSLClient</Property>
        <Property name="tps.connector.ca1.uri.revoke">/ca/ee/subsystem/ca/doRevoke</Property>
        <Property name="tps.connector.ca1.uri.unrevoke">/ca/ee/subsystem/ca/doUnrevoke</Property>
    </Properties>
    <Status>Enabled</Status>
</Connector>
```
To add a new connector, download the configuration of an existing connector into a file. Change the connector ID and make the necessary changes:
```xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Connector id="test" xmlns:ns2="http://www.w3.org/2005/Atom">
    <Link href="https://pki.example.com:8443/tps/rest/connectors/test" rel="self"/>
    <Properties>
        <Property name="tps.connector.test.enable">true</Property>
        <Property name="tps.connector.test.host">pki.example.com</Property>
        <Property name="tps.connector.test.maxHttpConns">15</Property>
        <Property name="tps.connector.test.minHttpConns">1</Property>
        <Property name="tps.connector.test.nickName">subsystemCert cert-pki-tomcat</Property>
        <Property name="tps.connector.test.port">8443</Property>
        <Property name="tps.connector.test.timeout">30</Property>
        <Property name="tps.connector.test.uri.enrollment">/ca/ee/ca/profileSubmitSSLClient</Property>
        <Property name="tps.connector.test.uri.getcert">/ca/ee/ca/displayBySerial</Property>
        <Property name="tps.connector.test.uri.renewal">/ca/ee/ca/profileSubmitSSLClient</Property>
        <Property name="tps.connector.test.uri.revoke">/ca/ee/subsystem/ca/doRevoke</Property>
        <Property name="tps.connector.test.uri.unrevoke">/ca/ee/subsystem/ca/doUnrevoke</Property>
    </Properties>
    <Status>Enabled</Status>
</Connector>
```
Then upload the new configuration:
```
$ pki -n caadmin tps-connector-add --input test.xml
----------------------
Added connector "test"
----------------------
```
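Hand-editing an exported file makes it easy to leave the old connector ID in a property name or the `Link` href. The following is an added example, not part of the wiki or the `pki` tool, that renames a connector throughout an export and checks the result before upload. The function names, the trimmed sample, the `"Disabled"` status value and the rule that property names and the href follow the connector ID (as in the `ca1` export) are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed export of connector "ca1" in the format shown above.
SAMPLE = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Connector id="ca1" xmlns:ns2="http://www.w3.org/2005/Atom">
<Link href="https://pki.example.com:8443/tps/rest/connectors/ca1" rel="self"/>
<Properties>
<Property name="tps.connector.ca1.host">pki.example.com</Property>
<Property name="tps.connector.ca1.port">8443</Property>
</Properties>
<Status>Enabled</Status>
</Connector>"""
STATUSES = {"Enabled", "Disabled"}  # assumption: "Disabled" is the other valid value

def clone_connector(xml_text, old_id, new_id):
    """Rename a connector everywhere: id attribute, Link href, property names."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    old_p, new_p = f"tps.connector.{old_id}.", f"tps.connector.{new_id}."
    root.set("id", new_id)
    link = root.find("Link")
    if link is not None and link.get("href", "").endswith("/" + old_id):
        link.set("href", link.get("href")[: -len(old_id)] + new_id)
    for prop in root.iter("Property"):
        name = prop.get("name", "")
        if name.startswith(old_p):
            prop.set("name", new_p + name[len(old_p):])
    return ET.tostring(root, encoding="unicode")

def check_connector(xml_text):
    """List inconsistencies to fix before running tps-connector-add or -mod."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    cid, problems = root.get("id", ""), []
    prefix = f"tps.connector.{cid}."
    link = root.find("Link")
    if link is not None and not link.get("href", "").endswith("/" + cid):
        problems.append(f"Link href does not end in /{cid}")
    for prop in root.iter("Property"):
        if not prop.get("name", "").startswith(prefix):
            problems.append(f"property {prop.get('name')} is outside {prefix}")
    status = root.findtext("Status", "").strip()
    if status not in STATUSES:
        problems.append(f"unexpected Status {status!r}")
    return problems

if __name__ == "__main__":
    new_xml = clone_connector(SAMPLE, "ca1", "test")
    print(new_xml)
    print(check_connector(new_xml) or "consistent")
```

The check only reports problems; review the `host`, `port` and `nickName` values by hand, since they decide which server the TPS connects to and which certificate it presents.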
To enable a connector:

```
$ pki -n caadmin tps-connector-mod test --action enable
```

To disable a connector:

```
$ pki -n caadmin tps-connector-mod test --action disable
```
To modify a connector, make sure the connector is disabled. Download the current configuration using the `pki tps-connector-show` command, edit the file, then upload the updated configuration:

```
$ pki -n caadmin tps-connector-mod test --input test.xml
```
Finally, re-enable the connector.
To delete a connector, make sure the connector is disabled, then execute the following command:
```
$ pki -n caadmin tps-connector-del test
------------------------
Deleted connector "test"
------------------------
```