FreeBSD Manual Pages

OpenXPKI::Server::Workflow::Activity::Tools::PublishCertificate(3)  User Contributed Perl Documentation

Name
       OpenXPKI::Server::Workflow::Activity::Tools::PublishCertificate

Description
       This class publishes a single certificate based on the publishing
       information associated with the certificate profile or a given prefix.
       The certificate is identified by the parameter cert_identifier which
       can be set in the action definition. If unset, the class falls back to
       the context value of cert_identifier.

   Publication by Profile
       The publishing information is read from the connector at
       profile.<profile name>.publish which must be a list of names (a scalar
       is also ok). If the node does not exist, profile.default.publish is
       used. Each name is expanded to the path publishing.entity.<name> which
       must be a connector reference. The publication target is taken from the
       parameter publish_key or defaults to the certificate's common name (CN
       attribute parsed from the final subject). The data portion contains a
       hash ref with the keys pem, der and subject (full DN of the cert).

       Note: if publish_key evaluates to a value that is defined but empty,
       the publication is stopped.

   Un-Publish
       If you set unpublish to a true value, the list of connectors is read
       from the configuration at profile.<profile name>.unpublish (or
       profile.default.unpublish).

       The data portion is extended by the fields revocation_time, reason_code
       and invalidity_time. Fields are present even for non-revoked
       certificates.

   Publication without Profile
       Instead of reading the publication targets from the profile, you can
       point the activity directly to a list of connectors by setting prefix
       to the base path of a hash. Each key is the internal name of the
       target, the value must be a connector reference.

       If unpublish is set, the extra fields in the data hash are present but
       the list of targets remains the same.

Configuration
       Set the wanted connector names in the certificate's profile:

         publish:
           - extldap
           - exthttp

       Define the connector references and implementations in publishing.yaml:

         entity:
             extldap@: connector:publishing.connectors.ext-ldap
             exthttp@: connector:publishing.connectors.ext-http

         connectors:
           ext-ldap:
             class: Connector::Proxy::Net::LDAP::Single
             LOCATION: ldap://localhost:389
             ....

   Activity parameters
       prefix
           Enables publishing to a fixed set of connectors, disables per
           profile settings.

       cert_identifier
           Set the identifier of the cert to publish, optional, default is the
           value of the context key cert_identifier.

       publish_key
           The value to be used as key for the publication call, optional.
           E.g. to publish using the context value with key "user_email" set
           this to "$user_email".

       unpublish
           Boolean, adds revocation information to the data and reads the
           targets from the unpublish config node.

       export_context
           Boolean, if set the full context is passed to the connector in the
           third argument.

       on_error
           Define what to do on problems with the publication connectors. One
           of:

           exception (default)
               The connector exception bubbles up and the workflow terminates.

           skip
               Skip the publication target and continue with the next one.

           queue
               Similar to skip, but failed targets are added to a queue. As
               long as the queue is not empty, pause/wake_up is used to retry
               those targets with the retry parameters set. This obviously
               requires retry_count to be set.
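
       The sketch below is an added example, not code from OpenXPKI. It models
       the profile-based target lookup, the publish_key rule and the three
       on_error modes with plain hashes. %config, resolve_targets(), publish()
       and the connector stub are hypothetical names; all sample values are
       constructed.

```perl
#!/usr/bin/env perl
# Added illustration: models the documented behaviour with plain hashes.
# Not OpenXPKI code; %config, resolve_targets() and publish() are hypothetical.
use strict;
use warnings;

# Constructed sample configuration mirroring the paths named in this page.
my %config = (
    'profile.tls_server.publish' => [ 'extldap', 'exthttp' ],
    'profile.default.publish'    => 'extldap',        # a scalar is also accepted
    'profile.default.unpublish'  => [ 'extldap' ],
);

# Return the connector paths for a profile, falling back to profile.default.
sub resolve_targets {
    my ($profile, $unpublish) = @_;
    my $node  = $unpublish ? 'unpublish' : 'publish';
    my $names = $config{"profile.$profile.$node"} // $config{"profile.default.$node"} // [];
    $names = [$names] unless ref $names eq 'ARRAY';
    return map { "publishing.entity.$_" } @$names;
}

# Send $data to each target via $arg{send}->($target, $key, $data) and apply
# the on_error mode. Returns two array refs: published and queued targets.
sub publish {
    my (%arg) = @_;
    my $key = $arg{publish_key} // $arg{cn};          # default: certificate CN
    return ([], []) if defined $key && $key eq '';    # defined but empty: stop
    my $on_error = $arg{on_error} // 'exception';
    my (@done, @queue);
    for my $target (resolve_targets($arg{profile}, $arg{unpublish})) {
        if (eval { $arg{send}->($target, $key, $arg{data}); 1 }) {
            push @done, $target;
            next;
        }
        die $@ if $on_error eq 'exception';           # workflow terminates
        push @queue, $target if $on_error eq 'queue'; # retried after wake_up
    }                                                 # 'skip': target is dropped
    return (\@done, \@queue);
}

# Constructed connector stub: the HTTP target is unreachable.
my $send = sub { die "connection refused\n" if $_[0] =~ /exthttp/ };
my ($done, $queue) = publish(
    profile => 'tls_server', cn => 'www.example.org', on_error => 'queue',
    data => { pem => '...', der => '...', subject => 'CN=www.example.org' }, send => $send,
);
print "published: @$done\nqueued: @$queue\n";
```

       With on_error set to skip, a failed target is neither retried nor
       recorded, which matters most for unpublish runs that carry revocation
       data.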

perl v5.32.0  OpenXPKI::Server::Workflow::Activity::Tools::PublishCertificate(3)
