Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help


       Create a	text export for	a certificate using a template.	The export
       file can	contain	the chain and private key.

   Activity parameters
	   The cert to be exported.

	   The PEM encoded private key,	protected by the given key_password.
	   Mandatory if	the private key	can not	be found in the	datapool.

	   A template toolkit string to	be used	to render the output. The
	   parser is called with five parameters. Certificates are PEM
	   encoded, keys might be in binary format, depending on the
	   key_format parameter!

	       The PEM encoded certificate.

	       The subject of the certificate

	   ca  The PEM encoded root certificate, might be empty	if the chain
	       can not be completed.

	   key The private key,	requires the key_password to be	set to the
	       correct value. Obviously, keys are only available if created or

	       An ARRAY	of PEM encoded intermediates, might be empty.

	   The password	which was used to persist the key, also	used for
	   encrypting the exported key if export_password is not set.

       key_format, optional
	   @see	OpenXPKI::Server::API2::Plugin::Cert::private_key

       export_password,	optional
	   Encrypt the key with	this password instead of the input password.
	   Ignored if empty, to	export unencrypted, you	must also set the
	   unencrypted flag.

       unencrypted, optional
	   Set this to a boolean true value AND	set export_password to the
	   empty string	to export the key unencrypted.

       alias, optional
	   For PKCS12 sets the so called "friendly name" for the certificate.
	   For Java Keystore sets the keystore alias.  Parameter is ignored
	   for any other key types.

       include_root_cert, optional
	   Only	valid with PKCS12 or JavaKeyStore format.  If set to a true
	   value, the root certificate will be included	in the file.  Warning:
	   Root	certificates should be distributed and validated with a
	   defined process and not as a	"drive-by"! Enable this	only if	you
	   are sure about the implications.

	   Boolean, if true the	activity will throw an exception if the
	   private key could not be restored (which usually means that the
	   wrong password was provided). If false/not set, the target_key is
	   just	empty on error.

       target_key, optional
	   The context key to write the	result to, default is
	   certificate_export.	Note: If you export a key and use a persisted
	   workflow, this will leave the (password protected) key readable in
	   the context forever.

perl v5.32.0 OpenXPKI::Server::Workflow::Activity::Tools::CertificateExport(3)

Name | Description | Configuration

Want to link to this manual page? Use this URL:

home | help