Name

OpenXPKI::Server::Workflow::Activity::Tools::AddCertExtension

Description

Add a new item to the cert_extension list. The items get persisted and added to the certificate on issue. Running this activity is equal to adding the data to the profiles OID section. See the profile documentation for details on the parameters.

Configuration

Parameters

oid: oid of the extension (numeric notation, named oids are not accepted).
format, optional: the format of the item, usually ASN1 or DER.
encoding, optional: encoding of the item
value: value to set, in case you set encoding to SEQUENCE, the value must be a valid string to be added as section in the openssl config file. If the value is empty, nothing is added.
critical: Set to 1 to mark this extension as critical

Example

To get the extension data in the context you must add the oid names to the PCSK10 parser activity:

    class: OpenXPKI::Server::Workflow::Activity::Tools::ParsePKCS10
    param:
       req_extensions: certificateTemplate certificateTemplateName

Single value

Add the certificateTemplateName extension using the value extracted from the PKCS10 request by the parser.

    class: OpenXPKI::Server::Workflow::Activity::Tools::AddCertExtension
    param:
        oid: 1.3.6.1.4.1.311.20.2
        format: ASN1
        encoding: UTF8String
        _map_value: "[% context.req_extensions.certificateTemplateName %]"

Example - Nested Sequence

    class: OpenXPKI::Server::Workflow::Activity::Tools::AddCertExtension
    param:
        oid: 1.3.6.1.4.1.311.21.7
        format: ASN1
        encoding: SEQUENCE
        _map_value: |
            [% IF context.req_extensions.certificateTemplate %]
            field1=OID:[% context.req_extensions.certificateTemplate.templateID %]
            field2=INT:[% context.req_extensions.certificateTemplate.templateMajorVersion %]
            field3=INT:[% context.req_extensions.certificateTemplate.templateMinorVersion %]
            [% END %]