13.7. Using an Access Banner

download PDF
In Certificate System, Administrators can configure a banner with customizable text. The banner will be displayed in the following situations:
Application When the banner is displayed
PKI Console
  • Before the console is displayed.
  • After the session has expired. [a]
Web interface
  • When you connect to the web interface.
  • After the session expired.[a]
pki command-line utility
  • Before the actual operation proceeds.
[a] For details about changing the session timeout, see Section 13.4.2, “Session Timeout”.
You can use the banner to display important information to the users before they can use Certificate System. The user must agree to the displayed text to continue.

Example 13.5. When the Access Banner is Displayed

The following example shows when the access banner is displayed if you are using the pki utility:
$ pki cert-show 0x1
WARNING! Access to this service is restricted to those individuals with specific permissions. If you are not an authorized user, disconnect now. Any attempts to gain unauthorized access will be prosecuted to the fullest extent of the law. Do you want to proceed (y/N)? y
Certificate "0x1"
  Serial Number: 0x1
  Issuer: CN=CA Signing Certificate,OU=instance_name,O=EXAMPLE
  Subject: CN=CA Signing Certificate,OU=instance_name,O=EXAMPLE
  Status: VALID
  Not Before: Mon Feb 20 18:21:03 CET 2017
  Not After: Fri Feb 20 18:21:03 CET 2037

13.7.1. Enabling an Access Banner

To enable the access banner, create the /etc/pki/instance_name/banner.txt file and enter the text to displayed.


The text in the /etc/pki/instance_name/banner.txt file must use the UTF-8 format. To validate, see Section 13.7.4, “Validating the Banner”.

13.7.2. Disabling an Access Banner

To disable the access banner, either delete or rename the /etc/pki/instance_name/banner.txt file. For example:
# mv /etc/pki/instance_name/banner.txt /etc/pki/instance_name/banner.txt.UNUSED

13.7.3. Displaying the Banner

To display the currently configured banner:
# pki-server banner-show -i instance_name

13.7.4. Validating the Banner

To validate that the banner does not contain invalid characters:
# pki-server banner-validate -i instance_name
Banner is valid
Red Hat logoGithubRedditYoutubeTwitter


Try, buy, & sell


About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.