12.10. Using an Access Banner

In Certificate System, administrators can configure a banner with customizable text. The banner will be displayed in the following situations:
Application: when the banner is displayed
PKI Console
  • Before the console is displayed.
  • After the session has expired. [a]
Web interface
  • When you connect to the web interface.
  • After the session has expired. [a]
pki command-line utility
  • Before the actual operation proceeds.
[a] For details about changing the session timeout, see Section 12.8, “Configuring Session Timeouts”.
You can use the banner to display important information to the users before they can use Certificate System. The user must agree to the displayed text to continue.

Example 12.4. When the Access Banner is Displayed

The following example shows when the access banner is displayed if you are using the pki utility:
$ pki cert-show 0x1
WARNING! Access to this service is restricted to those individuals with specific permissions. If you are not an authorized user, disconnect now. Any attempts to gain unauthorized access will be prosecuted to the fullest extent of the law.

Do you want to proceed (y/N)? y
-----------------
Certificate "0x1"
-----------------
  Serial Number: 0x1
  Issuer: CN=CA Signing Certificate,OU=instance_name,O=EXAMPLE
  Subject: CN=CA Signing Certificate,OU=instance_name,O=EXAMPLE
  Status: VALID
  Not Before: Mon Feb 20 18:21:03 CET 2017
  Not After: Fri Feb 20 18:21:03 CET 2037

12.10.1. Enabling an Access Banner

To enable the access banner, create the /etc/pki/instance_name/banner.txt file and enter the text to be displayed.

Important

The text in the /etc/pki/instance_name/banner.txt file must be encoded in UTF-8. To validate, see Section 12.10.4, “Validating the Banner”.

12.10.2. Disabling an Access Banner

To disable the access banner, either delete or rename the /etc/pki/instance_name/banner.txt file. For example:
# mv /etc/pki/instance_name/banner.txt /etc/pki/instance_name/banner.txt.UNUSED

12.10.3. Displaying the Banner

To display the currently configured banner:
# pki-server banner-show -i instance_name

12.10.4. Validating the Banner

To validate that the banner does not contain invalid characters:
# pki-server banner-validate -i instance_name
---------------
Banner is valid
---------------
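
A pre-check for the UTF-8 requirement from Section 12.10.1, to run before a candidate file is copied into place. This is an added example, not part of the Certificate System documentation: the function names and the staging step are assumptions. It accepts only non-empty, well-formed UTF-8 and does not reproduce what pki-server banner-validate checks, so run that command afterwards as well.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not Certificate System tooling.

# banner_precheck FILE
# Returns 0 only if FILE is non-empty and every byte sequence is well-formed UTF-8.
banner_precheck() {
    f=$1
    [ -s "$f" ] || { echo "banner: missing or empty: $f" >&2; return 1; }
    # od emits each byte as a decimal token; awk walks them as a UTF-8 state machine.
    od -A n -v -t u1 "$f" | awk '
    { for (i = 1; i <= NF; i++) {
        b = $i + 0
        if (need > 0) {                       # inside a multi-byte sequence
            if (b < lo || b > hi) { bad = 1; exit }
            need--; lo = 128; hi = 191        # later bytes: plain continuation
        }
        else if (b < 128) continue            # ASCII
        else if (b >= 194 && b <= 223) { need = 1; lo = 128; hi = 191 }
        else if (b == 224)             { need = 2; lo = 160; hi = 191 }  # rejects overlong forms
        else if (b >= 225 && b <= 236) { need = 2; lo = 128; hi = 191 }
        else if (b == 237)             { need = 2; lo = 128; hi = 159 }  # rejects surrogates
        else if (b >= 238 && b <= 239) { need = 2; lo = 128; hi = 191 }
        else if (b == 240)             { need = 3; lo = 144; hi = 191 }  # rejects overlong forms
        else if (b >= 241 && b <= 243) { need = 3; lo = 128; hi = 191 }
        else if (b == 244)             { need = 3; lo = 128; hi = 143 }  # caps at U+10FFFF
        else { bad = 1; exit }                # 0x80-0xC1 and 0xF5-0xFF never start a sequence
    } }
    END { exit (bad || need > 0) ? 1 : 0 }'   # need > 0: file ended mid-sequence
}

# install_banner CANDIDATE INSTANCE_DIR
# Copies CANDIDATE to INSTANCE_DIR/banner.txt only if the pre-check passes,
# so a file in another encoding never replaces a working banner.
install_banner() {
    src=$1; dir=$2
    banner_precheck "$src" || { echo "banner: $src failed the pre-check, not installed" >&2; return 1; }
    cp "$src" "$dir/banner.txt.new" && mv "$dir/banner.txt.new" "$dir/banner.txt"
}

# Usage (instance_name is the placeholder used throughout this section):
#   install_banner ./banner-draft.txt /etc/pki/instance_name
#   pki-server banner-validate -i instance_name
```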

12.10.5. Bypassing the Access Banner

In certain situations, such as when using the pki utility in scripts, users want to bypass the access banner. To do this, pass the --ignore-banner option to the pki command. For example:
# pki --ignore-banner cert-show 0x1