GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
OpenXPKI::Server::Workflow::Activity::Tools::PublishCertificate(3) User Contributed Perl Documentation OpenXPKI::Server::Workflow::Activity::Tools::PublishCertificate(3)

OpenXPKI::Server::Workflow::Activity::Tools::PublishCertificate

Publish a single certificate based on the publishing information associated with the certificate profile or a given prefix.

The certificate is identified by the parameter cert_identifier which can be set in the action definition. If unset, the class falls back to the context value of "cert_identifier".

The publishing information is read from the connector at profile.<profile name>.publish which must be a list of names (scalar is also ok). If the node does not exists, profile.default.publish is used. Each name is expanded to the path publishing.entity.<name> which must be a connector reference. The publication target is taken from the parameter publish_key or defaults to the certificates common name (CN attribute parsed from the final subject). The data portion contains a hash ref with the keys pem, der and subject (full dn of the cert).

Note: if the evaluation of publish_key is empty but defined, the publication is stopped.

If you set unpublish to a true value, the list of connectors is read from the configuration at profile.<profile name>.unpublish (or profile.default.unpublish).

The data portion is extended by the fields revocation_time, reason_code and invalidity_time. Fields are present even for non-revoked certificates.

Instead of reading the publication targets from the profile you can point the activity directly to a list of connectors setting prefix to the base path of a hash. Each key is the internal name of the target, the value must be a connector reference.

If unpublish is set, the extra fields in data hash are present but the list of targets remains the same.

Set the wanted connector names in the certificates profile: 

  publish:
    - extldap
    - exthttp

Define the connector references and implementations in publishing.yaml

  entity:
      extldap@: connector: publishing.connectors.ext-ldap
      exthttp@: connector: publishing.connectors.ext-http

  connectors:
    ext-ldap:
      class: Connector::Proxy::Net::LDAP::Single
      LOCATION: ldap://localhost:389
      ....

prefix / target
Enables publishing to a fixed set of connectors, disables per profile settings. Base path fot target is publishing.entity

See OpenXPKI::Server::Workflow::Role::Publish

cert_identifier
Set the identifier of the cert to publish, optional, default is the value of the context key cert_identifier.
publish_key
The value to be used as key for the publication call, optional. E.g. to publish using the context value with key "user_email" set this to "$user_email".
unpublish
Boolean, adds revocation information and changes config node to read targets.
export_context
Boolean, if set the full context is passed to the connector in the third argument.
on_error
Define what to do on problems with the publication connectors. See OpenXPKI::Server::Workflow::Role::Publish
2022-05-14 perl v5.32.1
Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.