Name

OpenXPKI::Server::Workflow::Activity::Tools::CertificateExportArchive

Description

Create a zip archive holding certifcate, key (openssl native format) and all chain certificates including the root, all certs are PEM encoded. The archive is written to the context at the given target_key. If the target_key does not start with an underscore, the archive data is encoded using base64.

Configuration

Activity parameters

cert_identifier: The cert to be exported.
key_password: The password which was used to persist the key, also used for encrypting the exported key if export_password is not set.
key_file, optional: The filename used inside the archive for the key, default is key.pem
crt_file, optional: The filename used inside the archive for the certificate, default is cert.pem
chain_file, optional: The filename used inside the archive for the ca/chain, default is chain.pem
export_password, optional: Encrypt the key with this password instead of the input password. Ignored if empty, to export unencrypted, you must also set the unencrypted flag.
unencrypted, optional: Set this to a boolean true value AND set export_password to the empty string to export the key unencrypted.
die_on_error, optional: Boolean, if true the activity will throw an exception if the private key could not be restored (which usually means that the wrong password was provided). If false/not set, the target_key is just empty on error.
target_key, optional: The context key to write the result to, default is certificate_export. Note: If you use a persisted workflow, this will leave the (password protected) key readable in the context forever.