Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


traceoptions (Security PKI)


Hierarchy Level


Configure security public key infrastructure (PKI) trace options. To specify more than one trace option, include multiple flag statements. Trace option output is recorded in the /var/log/pkid file.


file filename

Name of the file to receive the output of the tracing operation. Enclose the name within quotation marks. To include the file statement, you must specify a filename.

files number

(Optional) Maximum number of trace files. When a trace file (for example, pkid) reaches its maximum size, it is renamed pkid.0, then pkid.1, and so on, until the maximum number of trace files is reached. When the maximum number is reached, the oldest trace file is overwritten. If you specify a maximum number of files, you must also specify a maximum file size with the size option.

  • Range: 2 through 1000 files

  • Default: 2 files


Trace operation to perform. To specify more than one trace operation, include multiple flag statements:


Trace with all flags enabled.


Trace PKI certificate verification events.


Trace PKI online certificate revocation list (CRL) events.


PKI certificate enrollment tracing.

match regular-expression

(Optional) Refine the output to include lines that contain the regular expression.

size maximum-file-size

(Optional) Maximum size of each trace file, in kilobytes (KB). If you specify a maximum file size, you also must specify a maximum number of trace files with the files number option.

  • Default: 1024 KB

world-readable | no-world-readable

(Optional) By default, log files can be accessed only by the user who configures the tracing operation. The world-readable option enables any user to read the file. To explicitly set the default behavior, use the no-world-readable option.

Required Privilege Level

trace—To view this statement in the configuration.

trace-control—To add this statement to the configuration.