Activity Parameters

pkcs10

The PEM formatted pkcs10 request, has priority over context key.

cert_profile

Determines the used profile, has priority over context key.

cert_subject_style

Determines the used profile substyle, has priority over context key.

key_params

If set to a true value, details of the used public key are available in the key_params context entry. Requires Crypt::PK::ECC if ECC keys need to be handled.

verify_signature

If set to a true value, the signature of the PKCS#10 container is checked and the boolean result is written to csr_signature_valid. If not set, the parameter is deleted from the context. It is recommended to check the PCKS#10 container on upload already using the validator. Note that at least the default backend will refuse broken signatures on the request to issue, so you MUST handle this.

subject_prefix

Prefix for context output keys to write the subject information into (cert_subject_parts, cert_san_parts, cert_subject_alt_name). Default is cert_.

Expected context values

pkcs10

Read pkcs10 request from if not set using activity param.

cert_profile

Read cert_profile request from if not set using activity param.

cert_subject_style

Read cert_subject_style request from if not set using activity param.

req_extensions

List of OIDs (or names) of request extensions, multiple items must be seperated by space. For each extensions that is found in the request, a item in the req_extension context item is created. The key is the given name, the content is the raw data as returned by Crypt::PKCS10 and depends on the extensions.

req_attributes

List of OIDs (or names) of request attributes, similar to req_extension.

Context value to be written

csr_subject

The extracted subject as string (comma seperated)

cert_subject_parts

If a valid profile is given, contains the preset values for all fields given in the profiles subject section. The values are determined by running the appropriate template string for each field with the data extracted from the csr.

In plain mode, it contains the parsed DN as key-value pairs where the key is the shortname of the component (e.g: OU) and the value is an array of values found. Note that any component is an array even if it has only one item. All items found in the SAN part are also added with a prefix "SAN_" and all uppercased names as used by openssl (SAN_OTHERNAME, SAN_EMAIL, SAN_DNS, SAN_DIRNAME, SAN_URI, SAN_IP, SAN_RID)

cert_san_parts

Only in profile mode. Contains the preset values for all fields given in the profiles san section. The values are determined by running the appropriate template string for each field with the data extracted from the csr.

cert_subject_alt_name

Only in plain mode. All SAN items as nested array list. Each item of the list is a two item array with name and value of one SAN item. The names are given as required to build then openssl extension file (otherName, email, DNS, dirName, URI, IP, RID).

csr_key_alg

Algorithm of the public key, one of rsa, dsa, ec, unsupported

csr_digest_alg

The digest algorithm used to create the signature request (e.g. md5, sha1).

csr_key_params

Hash holding additional information on the used public key, only present if key_params is set. Keys depend on the type of the key.

csr_subject_key_identifier

The key identifier of the used public key, Hex with uppercased letters. The format is identical to the return value of the API method get_key_identifier_from_data and the format used in the certificates table.

csr_signature_valid

Boolean, set only if validate_signature is set and recevies a literal 0/1 weather the PKCS#10 containers signature can be validated.