diff options
author | Ade Lee <alee@redhat.com> | 2016-04-20 17:26:23 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2016-05-02 14:45:38 -0400 |
commit | 5546024b33054181a60d91c6ec6f635c567c2ea8 (patch) | |
tree | a366e0d8af34d2764d85b7fb4aff2fd9705dec36 /base/server/python/pki/server/ca.py | |
parent | 6d37d95354b46846a055fcc8cdcf7f5f88ab729e (diff) | |
download | pki-5546024b33054181a60d91c6ec6f635c567c2ea8.tar.gz pki-5546024b33054181a60d91c6ec6f635c567c2ea8.tar.xz pki-5546024b33054181a60d91c6ec6f635c567c2ea8.zip |
Add CLI to check system certificate status
We add two different calls:
1. pki client-cert-validate - which checks a certificate in the client
certdb and calls the System cert verification call performed by JSS
in the system self test. This does some basic extensions and trust
tests, and also validates cert validity and cert trust chain.
2. pki-server subsystem-cert-validate <subsystem>
This calls pki client-cert-validate using the nssdb for the subsystem
on all of the system certificates by default (or just one if the
nickname is defined).
This is a great thing to call when healthchecking an instance,
and also will be used by pkispawn to verify the signing cert in the
externally signed CA case.
Trac Ticket 2043
Diffstat (limited to 'base/server/python/pki/server/ca.py')
0 files changed, 0 insertions, 0 deletions