FreeBSD Manual Pages

OpenXPKI::Server::Workflow::Activity::Tools::PublishCRL(3)  User Contributed Perl Documentation

Name
       OpenXPKI::Server::Workflow::Activity::Tools::PublishCRLs

Description
       This activity publishes a single CRL. The context must hold the
       crl_serial and the ca_alias parameters. crl_serial can have the value
       "latest", which resolves to the CRL with the highest last_update
       date for the issuer.

       The data point you specify at prefix must contain a list of connectors.
       Each connector is called with the CN of the issuing CA as location.
       The data portion contains a hash ref with the keys pem, der and subject
       (issuer subject) holding the appropriate strings, and issuer, which is
       the issuer subject parsed into a hash as used in the template
       processing when issuing the certificates.

       There are several options to handle errors when the connectors fail;
       details are given below (see the on_error parameter).

Configuration
   Example
          publish_crl_action:
              class: OpenXPKI::Server::Workflow::Activity::Tools::PublishCRL
              prefix: publishing.crl

   Activity parameters
       prefix
           The config path where the connector configuration resides. In the
           default configuration this is publishing.crl.

       on_error
           Defines what to do on problems with the publication connectors.
           One of:

           exception (default)
               The connector exception bubbles up and the workflow terminates.

           skip
               Skip the publication target and continue with the next one.

           queue
               Similar to skip, but failed targets are added to a queue. As
               long as the queue is not empty, pause/wake_up is used to retry
               those targets with the retry parameters set. This obviously
               requires retry_count to be set.

       crl_serial
           The serial of the CRL to publish or the keyword "latest", which
           pulls the CRL with the latest last_update date for the given
           issuer. Only effective if NOT set in the context.

   Context parameters
       ca_alias
           The alias name of the CA.

       crl_serial
           The serial of the CRL to publish or the keyword "latest", which
           pulls the CRL with the latest last_update date for the given
           issuer.

       tmp_publish_queue
           Used to temporarily store unpublished targets when on_error is set.

   Data Source Configuration
       At the configuration path given in the prefix parameter, you must
       provide a list of connectors:

         publishing:
           crl:
             repo1@: connector:....
             repo2@: connector:....

       To publish the CRL to your webserver, here is an example connector:

           cdp:
               class: Connector::Builtin::File::Path
               LOCATION: /var/www/myrealm/
               file: "[% ARGS %].crl"
               content: "[% pem %]"

       The ARGS placeholder is replaced with the CN part of the issuing CA. So
       if you name your CA generations "ServerCA-1" and "ServerCA-2", you
       will end up with two CRLs, at "http://myhost/myrealm/ServerCA-1.crl"
       and "http://myhost/myrealm/ServerCA-2.crl" respectively.
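
       The following is an added example, not OpenXPKI code: a small Python
       model of the three on_error modes and of the file connector shown
       above. The function names, the flaky target and the reading of
       retry_count as "first run plus that many retries" are assumptions.

```python
import os

class ConnectorError(Exception):
    """Model of the exception a publication connector throws on failure."""

def file_connector(location):
    """Model of the 'cdp' connector: writes <location>/<CN>.crl holding the PEM."""
    def publish(cn, data):
        with open(os.path.join(location, cn + ".crl"), "w") as fh:
            fh.write(data["pem"])
    return publish

def flaky_connector(failures):
    """Constructed target that fails `failures` times, then accepts the CRL."""
    left = [failures]
    def publish(cn, data):
        if left[0] > 0:
            left[0] -= 1
            raise ConnectorError("target unreachable")
    return publish

def publish_crl(connectors, cn, data, on_error="exception", retry_count=0):
    """Return (published, unpublished) target names for one CRL."""
    queue, published, failed = list(connectors), [], []
    for _attempt in range(retry_count + 1):   # assumption: first run + retries
        failed = []
        for name in queue:
            try:
                connectors[name](cn, data)
                published.append(name)
            except ConnectorError:
                if on_error == "exception":
                    raise                     # bubbles up, workflow terminates
                failed.append(name)           # skip and queue both carry on
        if on_error != "queue" or not failed:
            break
        queue = failed                        # stands in for tmp_publish_queue
    return published, failed
```

       In the skip case the call returns normally although the failing target
       was never updated, so that target keeps serving its previous CRL.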

perl v5.24.1	    OpenXPKI::Server::Workflow::Activity::Tools::PublishCRL(3)
