OpenXPKI::Server::Workflow::Activity::Tools::PublishCA(3) User Contributed Perl Documentation OpenXPKI::Server::Workflow::Activity::Tools::PublishCA(3)

OpenXPKI::Server::Workflow::Activity::Tools::PublishCA

This activity publishes a single CA certificate. The context must hold the ca_alias parameter. The data point you specify at prefix must contain a list of connectors. Each connector is called with the CN of the certificate as the location. The data portion contains a hash ref with the keys pem, der and subject, holding the corresponding strings, and dn, which is the subject parsed into a hash as used in template processing when issuing certificates.

Set the "prefix" parameter to tell the activity where to find the connector:

    publish_crl:
        class: OpenXPKI::Server::Workflow::Activity::Tools::PublishCA
        label: I18N_OPENXPKI_UI_WORKFLOW_ACTION_CRL_ISSUANCE_PUBLISH_CA_LABEL
        description: I18N_OPENXPKI_UI_WORKFLOW_ACTION_CRL_ISSUANCE_PUBLISH_CA_DESC
        input:
          - ca_alias
        param:
            prefix: publishing.cacert

Set up the connector using this syntax:

  publishing:
    cacert:
      repo1@: connector:....
      repo2@: connector:....

To publish the certificate to your LDAP with autocreation of missing nodes, here is an example connector:

    ldap-cacert:
        class: Connector::Proxy::Net::LDAP::Single
        LOCATION: ldap://localhost:389
        base: ou=pki,dc=mycompany,dc=com
        filter: (cn=[% ARGS.0 %])
        binddn: cn=admin,dc=mycompany,dc=com
        password: admin
        attrmap:
            der: cacertificate;binary

        create:
            basedn: ou=pki,dc=mycompany,dc=com
            rdnkey: cn

        schema:
            cn:
                objectclass: top organizationalRole pkiCA crlDistributionPoint

prefix / target
    Enables publishing to a fixed set of connectors and disables per-profile settings. The base path for target is publishing.cacert.

See OpenXPKI::Server::Workflow::Role::Publish

on_error
    Define what to do on problems with the publication connectors. One of:

    exception (default)
        The connector exception bubbles up and the workflow terminates.
    skip
        Skip the publication target and continue with the next one.
    queue
        Similar to skip, but failed targets are added to a queue. As long as the queue is not empty, pause/wake_up is used to retry those targets with the retry parameters set. This obviously requires retry_count to be set.
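
The three on_error modes as a simplified Python model, added here for illustration; it is not OpenXPKI code. The Connector class, the target names, the sample data hash and the failure pattern are constructed, and pause/wake_up is reduced to a loop bounded by retry_count.

```python
# Simplified model of the on_error modes (added example, not OpenXPKI code).
class ConnectorError(Exception):
    pass

class Connector:
    """Hypothetical stand-in for a publication target; fails its first N calls."""
    def __init__(self, name, fail_first=0):
        self.name, self.fail_first, self.stored = name, fail_first, {}

    def set(self, location, data):
        if self.fail_first > 0:
            self.fail_first -= 1
            raise ConnectorError(f"{self.name}: target unreachable")
        self.stored[location] = data

# Constructed sample of the data hash handed to each connector.
SAMPLE = {"pem": "-----BEGIN CERTIFICATE-----(constructed)", "der": b"\x30\x82",
          "subject": "CN=Example Root CA,O=Example",
          "dn": {"CN": ["Example Root CA"], "O": ["Example"]}}

def publish(targets, cn, data, on_error="exception", only=None):
    """One activity run; returns names of targets that failed (queue mode)."""
    if on_error not in ("exception", "skip", "queue"):
        raise ValueError(f"unknown on_error mode: {on_error}")
    failed = []
    for target in targets:
        if only is not None and target.name not in only:
            continue                  # retry run: visit queued targets only
        try:
            target.set(cn, data)      # location is the certificate CN
        except ConnectorError:
            if on_error == "exception":
                raise                 # bubbles up, the workflow terminates
            if on_error == "queue":
                failed.append(target.name)
            # "skip": the failure is dropped and never retried
    return failed

def publish_with_queue(targets, cn, data, retry_count):
    """on_error=queue: retry queued targets until done or retries run out."""
    queue, retries = publish(targets, cn, data, "queue"), 0
    while queue and retries < retry_count:
        retries += 1                  # stands in for pause / wake_up
        queue = publish(targets, cn, data, "queue", only=queue)
    return queue, retries
```

With skip, a target that fails once never receives the CA certificate in this model; with queue it is retried until it succeeds or retry_count is exhausted.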

ca_alias
    The alias name of the CA.
tmp_publish_queue
    Used to temporarily store unpublished targets when on_error is set.
2022-05-14 perl v5.32.1
