Show Table of Contents
12.10. Using an Access Banner
In Certificate System, Administrators can configure a banner with customizable text. The banner will be displayed in the following situations:
| Application | When the banner is displayed |
|---|---|
| PKI Console |
|
| Web interface |
|
pki command-line utility |
|
[a]
For details about changing the session timeout, see Section 12.8, “Configuring Session Timeouts”.
| |
You can use the banner to display important information to the users before they can use Certificate System. The user must agree to the displayed text to continue.
Example 12.4. When the Access Banner is Displayed
The following example shows when the access banner is displayed if you are using the
pki utility:
# $ pki cert-show 0x1
WARNING! Access to this service is restricted to those individuals with specific permissions. If you are not an authorized user, disconnect now. Any attempts to gain unauthorized access will be prosecuted to the fullest extent of the law. Do you want to proceed (y/N)? y
-----------------
Certificate "0x1"
-----------------
Serial Number: 0x1
Issuer: CN=CA Signing Certificate,OU=instance_name,O=EXAMPLE
Subject: CN=CA Signing Certificate,OU=instance_name,O=EXAMPLE
Status: VALID
Not Before: Mon Feb 20 18:21:03 CET 2017
Not After: Fri Feb 20 18:21:03 CET 2037
12.10.1. Enabling an Access Banner
To enable the access banner, create the
/etc/pki/instance_name/banner.txt file and enter the text to displayed.
Important
The text in the
/etc/pki/instance_name/banner.txt file must use the UTF-8 format. To validate, see Section 12.10.4, “Validating the Banner”.
12.10.2. Disabling an Access Banner
To disable the access banner, either delete or rename the
/etc/pki/instance_name/banner.txt file. For example:
# mv /etc/pki/instance_name/banner.txt /etc/pki/instance_name/banner.txt.UNUSED
12.10.3. Displaying the Banner
To display the currently configured banner:
# pki-server banner-show -i instance_name
12.10.4. Validating the Banner
To validate that the banner does not contain invalid characters:
# pki-server banner-validate -i instance_name --------------- Banner is valid ---------------
12.10.5. Bypassing the Access Banner
In certain situations, such as using the
pki utility in scripts, users want to bypass the access banner. In order to do this, pass the --ignore-banner to the command. For example:
# pki --ignore-banner cert-show 0x1
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.