Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
OpenXPKI::Server::WorOUserPContributed:PerlfDocumentationName
       OpenXPKI::Server::Workflow::Activity::Tools::PublishCA

Description
       This activity publishes a single	ca certificate.	The context must hold
       the ca_alias parameter. The data	point you specify at prefix must
       contain a list of connectors. Each connector is called with the CN of
       the certificate as location. The	data portion contains a	hash ref with
       the keys	pem, der and subject holding the appropriate strings and dn
       which is	the subject parsed into	a hash as used in the template
       processing when issuing the certificates.

Configuration
   Example
       Set the "prefix"	paramater to tell the activity where to	find the
       connector

	   publish_crl:
	       class: OpenXPKI::Server::Workflow::Activity::Tools::PublishCA
	       label: I18N_OPENXPKI_UI_WORKFLOW_ACTION_CRL_ISSUANCE_PUBLISH_CA_LABEL
	       description: I18N_OPENXPKI_UI_WORKFLOW_ACTION_CRL_ISSUANCE_PUBLISH_CA_DESC
	       input:
		 - ca_alias
	       param:
		   prefix: publishing.cacert

       Set up the connector using this syntax

	 publishing:
	   cacert:
	     repo1@: connector:....
	     repo2@: connector:....

       To publish the certificate to your LDAP with autocreation of missing
       nodes, here is an example connector:

	   ldap-cacert:
	       class: Connector::Proxy::Net::LDAP::Single
	       LOCATION: ldap://localhost:389
	       base: ou=pki,dc=mycompany,dc=com
	       filter: (cn=[% ARGS.0 %])
	       binddn: cn=admin,dc=mycompany,dc=com
	       password: admin
	       attrmap:
		   der:	cacertificate;binary

	       create:
		   basedn: ou=pki,dc=mycompany,dc=com
		   rdnkey: cn

	       schema:
		   cn:
		       objectclass: top	organizationalRole pkiCA crlDistributionPoint

   Activity parameters
       prefix
	   The config path where the connector configuration resides, in the
	   default configuration this is publishing.cacert.

       on_error
	   Define what to do on	problems with the publication connectors. One
	   of:

	   exception (default)
	       The connector exception bubbles up and the workflow terminates.

	   skip
	       Skip the	publication target and continue	with the next one.

	   queue
	       Similar to skip,	but failed targets are added to	a queue. As
	       long as the queue is not	empty, pause/wake_up is	used to	retry
	       those targets with the retry parameters set. This obvioulsy
	       requires	retry_count to be set.

   Context parameters
       ca_alias
	   The alias name of the CA

       tmp_publish_queue
	   Used	to temporary store unpublished targets when on_error is	set.

perl v5.24.1	     OpenXPKI::Server::Workflow::Activity::Tools::PublishCA(3)

Name | Description | Configuration

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=OpenXPKI::Server::Workflow::Activity::Tools::PublishCA&sektion=3&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help