import_certificate

• "data" Str - certificate data (PEM encoded)
• "pki_realm" Str - set the PKI realm to this value (optional, might be overridden by an issuer's realm)
• "force_nochain" Str - 1 = import certificate even if issuer is unknown (then issuer_identifier will not be set) or has an incomplete signature chain. Default: 0
• "force_issuer" Bool - 1 = enforce import even if it has an invalid signature chain (i.e. verification failed). Default: 0
• "force_noverify" Bool - 1 = do not validate signature chain (e.g. if one of the certificates' CAs has expired). Default: 0
• "revoked" Bool - set to 1 to set the certificate status to REVOKED. Default: 0
• "ignore_existing" Bool - if the certificate already exists, return undef instead of throwing an exception. Default: 0
• "update" Bool - do not throw an exception if certificate already exists, update it instead. Default: 0
• "profile" Str - set the profile for this certificate as it was issued by this realm. This requires that the issuer is registered as certsign alias in the realm and creates a "fake" entry in the CSR table. This should only be used to import certificates in "dummy realms" or for migration purposes. Note that the CSR attributes table are NOT filled and not all workflows might be fully operational with such certificates! The profile must exist but its settings are not checked against the imported certificate.